How can a JACC provider use the Principal-to-role mapping facilities of the server it’s deployed on?

The short answer is: there's no standard way to do it. Although GlassFish and JBoss support principal-to-role mappings, JACC does not assume all containers do, and so it delegates the responsibility of keeping those mappings to the JACC provider implementation. From the docs (see the PolicyConfiguration.addToRole method): It is the job of the Policy provider to …

Why does AuthorizeAttribute redirect to the login page for authentication and authorization failures?

When it was first developed, System.Web.Mvc.AuthorizeAttribute was doing the right thing: older revisions of the HTTP specification used status code 401 for both "unauthorized" and "unauthenticated". From the original specification: If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. In fact, you can …

How to define the basic HTTP authentication using cURL correctly?

curl -u username:password http://
curl -u username http://

From the documentation page: -u, --user <user:password> Specify the user name and password to use for server authentication. Overrides -n, --netrc and --netrc-optional. If you simply specify the user name, curl will prompt for a password. The user name and passwords are split up on the first …

How do you create a custom AuthorizeAttribute in ASP.NET Core?

The approach recommended by the ASP.NET Core team is to use the new policy design, which is fully documented here. The basic idea behind the new approach is to use the new [Authorize] attribute to designate a "policy" (e.g. [Authorize(Policy = "YouNeedToBe18ToDoThis")]), where the policy is registered in the application's Startup.cs to execute some …

How is OAuth 2 different from OAuth 1?

Eran Hammer-Lahav has done an excellent job of explaining the majority of the differences in his article Introducing OAuth 2.0. To summarize, here are the key differences: More OAuth flows to allow better support for non-browser-based applications. This was a main criticism of OAuth from client applications that were not browser based. For example, …

Best Practices for securing a REST API / web service [closed]

As tweakt said, Amazon S3 is a good model to work with. Their request signatures do have some features (such as incorporating a timestamp) that help guard against both accidental and malicious request replaying. The nice thing about HTTP Basic is that virtually all HTTP libraries support it. You will, of course, need to require …

Error!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)