REST authentication failing

Jay Heavner asked on April 17, 2015 21:40

If I go to http://www.domain.com/rest/cms.country from a browser I am prompted with a login box. No combination of username/password will log me in. I just keep getting the login box. I've tried various users all of which are known global admin.

If I log in to Kentico first and then access the link, I get a list of countries. If I generate an authentication hash in the settings and use that, it also works. I know that my REST is configured properly and that it works. I'm just not able to authenticate.

  • I've tried on both K7 and K8.
  • I have reviewed and confirmed everything in this article (https://docs.kentico.com/display/K8/Configuring+the+REST+service)
  • As well as this article (https://docs.kentico.com/display/K8/Authenticating+REST+requests).
  • I've tried Basic authentication as well as Forms with the same result
  • I've tried using the browser
  • I've tried using the Advanced Rest Client Google extension
  • I've tried all manner of .net code combinations.
  • I've tried using Ajax.

Nothing works. Clearly something in my web.config or settings isn't correct and it isn't correct on at least 5 of our server instances.

Does anyone have any idea why I can't authenticate against the rest services?

UPDATE: I saw an article about enabling settings in IIS so I turned on most of the IIS Roles in the OS. That didn't help.

I did find something interesting. If I requested data from a custom table it would work, but if I requested a base object (e.g. /rest/CMS.User, /rest/CMS.Country) it wouldn't work. I started playing around with how credentials are passed. The user for all calls is a Global Admin just to eliminate object permissions as an issue.

I had been passing credentials like:

CredentialCache mycache = new CredentialCache();
mycache.Add(new Uri(urlHelperInfo.URL), "Basic", new NetworkCredential(urlHelperInfo.Username, urlHelperInfo.Password));
httpRequest.Credentials = mycache;

This worked for custom table data but not base objects (as mentioned above).

However, if I just encoded it and slapped it on the header like below, I was able to request and get data from base objects (/rest/CMS.Country).

String encoded = System.Convert.ToBase64String(System.Text.Encoding.GetEncoding("ISO-8859-1").GetBytes(username + ":" + password));
httpRequest.Headers.Add("Authorization", "Basic " + encoded);

I'm not terribly thrilled with this. Can anyone shed some light on how this is working?

Recent Answers


balinder singh answered on November 22, 2015 22:08

Hi Jay,

I am also having an issue authenticating against REST. My issue is a cross-origin access issue, because I am trying to access REST through a client-side call.

For now, though, I have built my own Web API and am using it as a gateway to authenticate the user against the base REST.

If you find any solution for the client side, let me know.

Here's my code, which sits in the same solution where REST is hosted. I am using Basic authentication.

using System;
using System.IO;
using System.Net;
using System.Net.Http;
using System.Text;
using System.Web.Http;

// The controller's class declaration was not part of the post; this name is a placeholder.
public class RestGatewayController : ApiController
{
    [HttpPost]
    public HttpResponseMessage Admin(InputFormModel userinput)
    {
        // RESTEndpoint comes from the request body, so the credentials go to whatever
        // URL the caller names; restrict it to the known REST host.
        // Creates the REST request
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(userinput.RESTEndpoint);

        // Sets the HTTP method of the request
        request.Method = "GET";
        string usernamepassword = userinput.UserName + ":" + userinput.Password;
        string base64usercredential = Convert.ToBase64String(Encoding.UTF8.GetBytes(usernamepassword));
        // Authorizes the request using Basic authentication
        request.Headers.Add("Authorization", "Basic " + base64usercredential);

        try
        {
            // Gets the REST response. GetResponse() throws WebException for
            // non-success status codes, so the call sits inside the try block.
            using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
            {
                if (response.StatusCode == HttpStatusCode.OK)
                {
                    using (var reader = new StreamReader(response.GetResponseStream()))
                    {
                        // Success: return the REST payload as a normal (non-error) response
                        return Request.CreateResponse(HttpStatusCode.OK, reader.ReadToEnd());
                    }
                }
                return Request.CreateErrorResponse(HttpStatusCode.BadRequest, response.StatusDescription);
            }
        }
        catch (Exception ee)
        {
            return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ee);
        }
    }
}

public class InputFormModel
{
    public string UserName { get; set; }
    public string Password { get; set; }
    public string RESTEndpoint { get; set; }
}

Thanks, Balinder

0 votes

Timothy Fenton answered on November 23, 2015 10:39

Hello Jay, I know this is an old thread, however you have the correct solution that you are working with in the end. We do not directly support authenticating REST using NetworkCredentials the way you originally were. The Base64-encoded username:password is the proper way to authenticate using basic authentication; it is recommended to enable SSL so that the string is not easily available from the request header.

Another option would be to make a login form page to authenticate the rest user, then set the .ASPXFORMSAUTH cookie during the login, at this point all of the rest requests should process fine as long as that cookie is in the browser making the request.

Balinder, if you could make a separate thread for your issue with some more specific details it would be much more simple to separate out the issues here as they seem slightly different.

0 votes
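The difference between the two client approaches discussed in this thread, as an added example (not code from the thread or from Kentico). `HttpWebRequest.Credentials` is only used in reply to a matching `WWW-Authenticate` challenge, while a header added by hand goes out on the first request. The example assumes a server that answers unauthenticated requests with a 401 carrying no Basic challenge, which the thread does not confirm for Kentico; the local listener, port and credentials are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Text;
using System.Threading.Tasks;
class BasicAuthChallengeDemo
{
    // Constructed values for a local stand-in endpoint; this is not a Kentico instance.
    const string Prefix = "http://localhost:8095/";
    const string User = "demo", Pass = "demo-pass";
    static readonly string Header = "Basic " + Convert.ToBase64String(
        Encoding.GetEncoding("ISO-8859-1").GetBytes(User + ":" + Pass));
    static readonly List<string> Seen = new List<string>(); // Authorization value per request

    static async Task Serve(HttpListener listener)
    {
        while (true)
        {
            HttpListenerContext ctx;
            try { ctx = await listener.GetContextAsync(); } catch (Exception) { return; } // stopped
            string auth = ctx.Request.Headers["Authorization"];
            lock (Seen) Seen.Add(auth ?? "(none)");
            // Assumed server behaviour: a 401 without a "WWW-Authenticate: Basic" challenge.
            ctx.Response.StatusCode = auth == Header ? 200 : 401;
            ctx.Response.Close();
        }
    }

    static HttpStatusCode Send(Action<HttpWebRequest> configure)
    {
        var req = (HttpWebRequest)WebRequest.Create(Prefix + "rest/cms.country");
        configure(req);
        try { using (var resp = (HttpWebResponse)req.GetResponse()) return resp.StatusCode; }
        catch (WebException ex) when (ex.Response is HttpWebResponse)
        { using (var failed = (HttpWebResponse)ex.Response) return failed.StatusCode; }
    }

    static void Main()
    {
        var listener = new HttpListener();
        listener.Prefixes.Add(Prefix);
        listener.Start();
        Task server = Serve(listener);
        var cache = new CredentialCache();
        cache.Add(new Uri(Prefix), "Basic", new NetworkCredential(User, Pass));
        Console.WriteLine("CredentialCache:   " + Send(r => r.Credentials = cache));
        Console.WriteLine("Preemptive header: " + Send(r => r.Headers.Add("Authorization", Header)));
        lock (Seen) Console.WriteLine("Server saw: " + string.Join(" | ", Seen));
        listener.Stop();
    }
}
```

Against a real server, use an https:// URL as recommended in the answer above, since the header value is only Base64-encoded.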
