Turn auth response header on/ off per request

mdaly · September 23, 2015, 7:36pm

Adding basic or digest auth is useful for taking care of the authentication cycle when using a JsonServiceClient.

But for consumers of the same services using a browser, this also means random (to the user) native (very strange looking) modal pop ups asking for a username and password.

I want to enable basic/ digest authentication for JsonServiceClient consumers only, for browsers I do not want the WWW-Authenticate response header added by SS.

Can I modify the AuthFeature to add headers based on request conditions or can I hook into the response event chain?

I’ve tried appHost.GlobalResponseFilters, but the response only has an AddHeader method.

mythz · September 23, 2015, 7:55pm

You can override OnFailedAuthentication() on a Custom BasicAuthProvider.

You can get the IHttpResponse with:

var httpRes = (IHttpResponse)res;

Or the ASP.NET Response (in ASP .NET hosts) with:

var aspRes = httpRes.OriginalResponse as HttpResponseBase;

mdaly · September 23, 2015, 8:01pm

Ok thanks, that’s what I wanted.

I just realised that simply using JsonServiceClient.OnAuthenticationRequired to do a credentials post, is simpler and probably a more obvious solution.

        var client = new JsonServiceClient(url)
        {
            UserName = userName,
            Password = password
        };

        client.OnAuthenticationRequired += request =>
        {
            client.Post(new Authenticate
            {
                UserName = userName,
                Password = password
            });
        };