0

I used this tutorial to create a basic authentication for my website:
http://msdn.microsoft.com/en-us/data/gg192997.aspx
I modified the password to admin, however, when I try to access the website in any browser, it always prompts for username and password but never accepts it. If I change the code to return true on 

public static bool Authenticate(HttpContext context)

It doesn't change anything. What else should I set?

Improve this question
2
  • We need more code. You haven't provided enough detail. There could be a thousand and one things going wrong. Commented Mar 9, 2013 at 1:56
  • The code is on the link, I just modified the password string. Commented Mar 9, 2013 at 9:49

1 Answer 1

Reset to default
1

Make sure that all authentication settings in IIS (for the specific site) are disabled and only Basic Authentication is enabled. Browsers are expected to request a user and password that are always acceptable when they are valid. Sometimes restarting a site and its relative application pool may also help (especially in older versions of windows).

Have in mind that basic authentication is not safe as it passes credentials via a request header in base64 encoding. A good idea is to use ssl - you can get a free one from startssl.com for a live site, or create a self signed one from iis for dev perposes.

Improve this answer
Sign up to request clarification or add additional context in comments.

14 Comments

Well, I enabled Basic Authentication on the Default Website and on the WCF Service itself, disabled Anonymous authentication for them and restarted the whole IIS server. The prompt still pops up and I never reach the service.
Make a simple account (user: abc, pass: 123) on local dev machine and try with this (leave out WFC for the moment). It must work.
Hmm, if I use my current user with domain\user and password, it authenticates. What does it mean? I just want to accept a simple username and password sent from the client to be authenticated without creating a Windows account for each client.
If I use the default IIS basic authentication, the browsers accepts my current Windows account as login. If I add my code to the service and try it in the browser, the password is never accepted. I commented out the SSL part of the code, just using the last if if (!BasicAuthProvider.Authenticate(app.Context)) { CreateNotAuthorizedResponse(app, 401, 1, "Logon failed."); app.CompleteRequest(); }
This is not what you explicitly described in your question. In this case you have to use the Authenticate method to control the desired username and password, and in addition to remove/clear the http error using the Application_Error method / or control it with equivalent logic code anywhere.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.