Every once in a while I get asked to design systems that require passing a simple user id and password to authenticate (aka basic authentication) as defined here. This is the simplest type of authentication one can imagine (short of having none at all) and is easy to implement using System.Net.WebRequest. Here is a rudimentary example:

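using System;
using System.Net;
using System.Text;

// Adds an HTTP Basic Authorization header ("Basic " + Base64 of "user:password") to the request.
public void SetBasicAuthCredentials(WebRequest request, String user, String password)
{
    string auth = user + ":" + password;
    // Base64 is an encoding, not encryption. UTF-8 yields the same bytes on every platform.
    auth = Convert.ToBase64String(Encoding.UTF8.GetBytes(auth));
    request.Headers["Authorization"] = "Basic " + auth;
}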

The thing to remember with the above code is that encoding is not the same as encryption and the user id and password are essentially being passed in clear text over the network. In scenarios where you are accessing resources using basic auth you are obligated, at minimum, to secure the transport layer using SSL.
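
The point above, as an added example that is not from the original post: a variant of the helper that refuses to attach credentials to a non-HTTPS request, plus a decoder showing that the header value reverses to user:password without any key. The class name, DecodeHeader, the sample credentials and the example.com host are assumptions made for illustration.

```csharp
using System;
using System.Net;
using System.Text;

public static class BasicAuthDemo
{
    // Hypothetical helper: attaches Basic credentials only when the transport is HTTPS.
    public static void SetBasicAuthCredentials(WebRequest request, string user, string password)
    {
        if (request.RequestUri.Scheme != Uri.UriSchemeHttps)
            throw new InvalidOperationException(
                "Refusing to send Basic credentials over " + request.RequestUri.Scheme);

        // The first ':' separates user id from password, so the user id cannot contain one.
        if (user.Contains(":"))
            throw new ArgumentException("User id must not contain ':'", nameof(user));

        string token = Convert.ToBase64String(Encoding.UTF8.GetBytes(user + ":" + password));
        request.Headers["Authorization"] = "Basic " + token;
    }

    // Reverses the header value. No key or secret is involved, only Base64 decoding.
    public static string DecodeHeader(string headerValue)
    {
        string token = headerValue.Substring("Basic ".Length);
        return Encoding.UTF8.GetString(Convert.FromBase64String(token));
    }

    public static void Main()
    {
        // Constructed sample values. The requests are built but never sent.
        WebRequest secure = WebRequest.Create("https://example.com/api");
        SetBasicAuthCredentials(secure, "alice", "s3cret");
        string header = secure.Headers["Authorization"];
        Console.WriteLine(header);               // what travels in the request
        Console.WriteLine(DecodeHeader(header)); // what a reader of that header recovers

        WebRequest plain = WebRequest.Create("http://example.com/api");
        try
        {
            SetBasicAuthCredentials(plain, "alice", "s3cret");
        }
        catch (InvalidOperationException ex)
        {
            Console.WriteLine(ex.Message);       // the plain-HTTP request is rejected
        }
    }
}
```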


