Credentials not accepted, only API Key

jbrabant · June 14, 2021, 7:25pm

I have a service that requires Authentication. From the browser, I get prompted for the username password but only the API Key will work but not the username and password. I understand that it is because the APIKey provider is first from the list. But why I do not get a prompt (just like the APIKey is doing) and get right away a 401 when I put the Credentials first in the list? Is there a way to say which provider to use in the query string or something?

Plugins.Add(new AuthFeature(() => new AuthUserSession(), new IAuthProvider[]
            {
                new ApiKeyAuthProvider(AppSettings),
                new JwtAuthProvider()
                {
                    HashAlgorithm = "RS256", PrivateKeyXml =  Encryption.GetPrivateKey(),
                    RequireSecureConnection = config.RequireSecureConnection
                },
                new CredentialsAuthProvider(),
                new LdapAuthProvider(config, container.Resolve<IPPAUoW>()),
            })

mythz · June 14, 2021, 7:44pm

The challenge response of an unauthenticated request refers to the first Auth Provider, but I don’t understand if you’re saying a credentials auth request doesn’t work if it’s not first? all Auth Providers should work if they’re registered. Are you calling it correctly? Can you post the raw HTTP Request/Response headers of the request with the issue with any sensitive info scrubbed out.

jbrabant · June 14, 2021, 8:00pm

Thanks for the quick reply (as always), I’ll prepare something and post-it soon.