HttpListener: how to get http user and password?

Question

I'm facing a problem here, with HttpListener.

When a request of the form

http://user:password@example.com/

is made, how can I get the user and password ? HttpWebRequest has a Credentials property, but HttpListenerRequest doesn't have it, and I didn't find the username in any property of it.

Thanks for the help.

Answer 1

What you're attempting to do is pass credentials via HTTP basic auth, I'm not sure if the username:password syntax is supported in HttpListener, but if it is, you'll need to specify that you accept basic auth first.

HttpListener listener = new HttpListener();
listener.Prefixes.Add(uriPrefix);
listener.AuthenticationSchemes = AuthenticationSchemes.Basic;
listener.Start();

Once you receive a request, you can then extract the username and password with:

HttpListenerBasicIdentity identity = (HttpListenerBasicIdentity)context.User.Identity;
Console.WriteLine(identity.Name);
Console.WriteLine(identity.Password);

Here's a full explanation of all supported authenitcation methods that can be used with HttpListener.

Answer 2

Get the Authorization header. It's format is as follows

Authorization: <Type> <Base64-encoded-Username/Password-Pair>

Example:

Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

The username and password is colon-seperated (in this example, Aladdin:open sesame), then B64-encoded.

Answer 3

You need to first enable Basic Authentication:

listener.AuthenticationSchemes = AuthenticationSchemes.Basic;

Then in your ProcessRequest method you could get username and password:

if (context.User.Identity.IsAuthenticated)
{
    var identity = (HttpListenerBasicIdentity)context.User.Identity;
    Console.WriteLine(identity.Name);
    Console.WriteLine(identity.Password);
}