Basic Authentication in querystring

I’m trying to pass basic authentication directly in the url like:

The get method has the [Authenticate] attribute on it.
The integration test with AppSelfHostBase and JsonServiceClient that passes username and password works with no problem.
I checked on IIS and Basic Authentication is enabled and it is configured also in the host configuration.

If I try to pass the username and password in the url or I try to put the basic authentication on Postman (headers) I get the unhauthorized 401 error.

HTTP Basic Auth needs to send the Authorization: HTTP Request Header, see:

This is what I have done with postman but still getting unauthorised.

I’m assuming you’ve added the BasicAuthProvider() AuthProvider in AuthFeature right?

If so, can you post the HTTP Request and Response Headers that is being sent using Fiddler?

Yes BasicAuthProvider is enabled with :
Plugins.Add(new AuthFeature(() => new AuthUserSession(),
new IAuthProvider[]
new BasicAuthProvider(),

And this test passes correctly:

        public void TestAuthentication()
	        var UserName = "testuser";
	        var Password = "testpassword";
            var client = new JsonServiceClient(BaseUri)
                UserName = UserName,
                Password = Password
            MwInspectionDetailResponse response = client.Get<MwInspectionDetailResponse>(new MwInspectionRequest() { Id = "A18-42N" });
            Console.WriteLine("Tratta:{0}", response.TrattaAutostrada);

Here are the Request-Response headers in Fiddler
Request headers:

  GET /api/mwinspections?Id=A18-42N HTTP/1.1
    Connection: keep-alive
    Accept: application/json
    Cache-Control: no-cache
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
    Authorization: Basic dGVzdHVzZXI6dGVzdHBhc3N3b3Jk
    Postman-Token: b7905796-d8f4-08f0-b2d0-b7d56cb7f335
    Accept-Encoding: gzip, deflate, sdch
    Accept-Language: it-IT,it;q=0.8,en-US;q=0.6,en;q=0.4
    Cookie: ss-id=EiNnNtOQpM4oAHH8ch93; ss-pid=yZeFrUWDEnPcipucyRGY


HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/10.0
WWW-Authenticate: Basic realm=""
X-Powered-By: ASP.NET
Date: Sun, 27 Sep 2015 18:50:38 GMT
Content-Length: 0

It should just work the server doesn’t care about which client sends the request just the HTTP Headers sent with the request.

Try deleting the ss-id/ss-pid Cookies, in Fiddler you can drag the Request into the Composer and replay the request, try it without sending existing cookies.

Also note the special support for Authentication in Postman basically it lets you export your authenticated session into a url that you can paste into Postman to copy the Session cookies.