web-services authentication http-headers basic-authentication

Custom Basic Authentication of a Web service


I'm having a small issue with implementing custom basic authentication for an asmx in .NET 4.0. I've created the HttpModule which would start the authentication process of the web service consumer running this code:

HttpApplication application = (source as HttpApplication);
HttpContext context = application.Context;
if ( VirtualPathUtility.GetFileName(context.Request.FilePath).Contains("svcEWS.asmx"))
{
    string username = "", password = "";

    string authHeader = HttpContext.Current.Request.Headers["Authorization"];

    if (!string.IsNullOrEmpty(authHeader) && authHeader.StartsWith("Basic"))
    {
        //Authenticate here
    }
}   

However there is no authentication header present whenever this code is reached. The consuming web app is simply calling,

EWS.svcEWS svcEWS = new EWS.svcEWS();
svcEWS.Credentials = new NetworkCredential("admin", "admin", "example.com");
svcEWS.HelloWorld();

IIS is set to run with anonymous authentication to prevent it from catching any auth requests.

Is there something I'm missing to have the client pass the correct header to my module?


Solution

  • I was forgetting to reject the first request with a 401 code to force authentication. Doing so fixes the problem, as the invoker resends the request with the auth header.
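The challenge step described in the answer, as an added example that is not part of the original post: a module that answers a missing or invalid `Authorization` header with 401 and `WWW-Authenticate`, which is what makes the client proxy resend the request with credentials. The class name `BasicAuthModule`, the realm string and the use of `Membership.ValidateUser` (a configured ASP.NET membership provider) are assumptions.

```csharp
using System;
using System.Security.Principal;
using System.Text;
using System.Web;
using System.Web.Security;

// Added example: BasicAuthModule is a hypothetical name, not code from the post.
public class BasicAuthModule : IHttpModule
{
    public void Init(HttpApplication app) { app.AuthenticateRequest += OnAuthenticateRequest; }
    public void Dispose() { }

    private static void OnAuthenticateRequest(object source, EventArgs e)
    {
        HttpContext context = ((HttpApplication)source).Context;
        string file = VirtualPathUtility.GetFileName(context.Request.FilePath);
        if (!string.Equals(file, "svcEWS.asmx", StringComparison.OrdinalIgnoreCase)) return;

        string user, password;
        if (TryParseBasic(context.Request.Headers["Authorization"], out user, out password)
            && Membership.ValidateUser(user, password)) // assumption: membership provider is configured
        {
            context.User = new GenericPrincipal(new GenericIdentity(user, "Basic"), new string[0]);
            return; // authenticated, let the request reach the .asmx
        }

        // Header missing or credentials rejected: challenge the caller.
        // The client only sends the Authorization header after seeing this response.
        context.Response.StatusCode = 401;
        context.Response.AddHeader("WWW-Authenticate", "Basic realm=\"svcEWS\""); // assumed realm
        context.ApplicationInstance.CompleteRequest();
    }

    // Decodes "Basic base64(user:password)"; returns false on any malformed input.
    private static bool TryParseBasic(string header, out string user, out string password)
    {
        user = password = null;
        if (string.IsNullOrEmpty(header) || !header.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase))
            return false;
        try
        {
            string decoded = Encoding.UTF8.GetString(Convert.FromBase64String(header.Substring(6).Trim()));
            int sep = decoded.IndexOf(':'); // split on the first colon only; passwords may contain ':'
            if (sep < 0) return false;
            user = decoded.Substring(0, sep);
            password = decoded.Substring(sep + 1);
            return true;
        }
        catch (FormatException) { return false; } // not valid base64
    }
}
```

Basic credentials are only base64-encoded, so the endpoint should be served over HTTPS. On the consuming side, setting `PreAuthenticate = true` on the proxy lets it send the header on later requests without waiting for another challenge.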