Authentication with HTTP libarary problem

[agraham]

I am failing dismally as I have little knowledge of the HTTP protocol. Has anyone coded access to a site that uses "Basic authentication without secure communication" using the HTTP library on the desktpop?

[Erel]

What error do you get?
Are you using WebRequest.New3(...) ?

[agraham]

Quote:

Originally Posted by Erel

What error do you get?
Are you using WebRequest.New3(...) ?

Hi Erel - Happy Xmas or whatever! I get a 401 exception thrown. No, I'm not using New3 - the Help only shows a New1 and a New2. I had assumed that I would need access to the Request headers to insert an Authorization line but they are read-only!

I have now tried New3 and get "Response.Value = Request.GetResponse" Error description: "The server committed a protocol violation. Section=ResponseHeader. Detail=CR must be followed by LF. Continue?"

The server in this case is the internal side of my router - I am practicing for a remote house monitoring system for a friend of mine. Looks like it won't work with the router - I shall have to wait for him to come up with the real server which will also have this sort of authentication.

[Erel]

I've seen this error before on one site.
I don't know how to explain it. Other sites (with authentication) work flawlessly.
Merry Christmas and a happy new year!

[agraham]

Quote:

Originally Posted by Erel

I've seen this error before on one site.
I don't know how to explain it. Other sites (with authentication) work flawlessly.
Merry Christmas and a happy new year!

I googled for the error and I've fixed it now I know about New3. Needs this adding to the dbasic.exe.config (while debugging) and the exe.config of the final app. Can I suggest you do this on the next release!

Code:

<system.net>
  <settings>
    <httpWebRequest useUnsafeHeaderParsing="true" />
  </settings>
</system.net

.NET is very (too) strict on parsing headers by default - this relaxes it.

[agraham]

Erel - idiot level questions I'm afraid!

I presume I need to "New3" the WebRequest object on every call to an authenticated server rather then "New1"s after the first. Does "KeepAlive" have any significance here?

I presume I also need to perform a "New1" and "Close" pair on the WebResponse for every call as well.

Thanks for the help so far.

[Erel]

Very interesting. Solves a few mysteries.

Quote from MSDN:

Quote:

Setting this property to true has security implications, so it should only be done if backward compatibility with a server is required.

I think that it is better to use the default .Net behavior and let the user override it if required.