Use Fiddler with Basic Authentication to access RE

2019-03-08 22:50发布

I have a WebAPI that works without issue. I have tested locally and deployed to my server and configured this service in IIS to use Basic Authentication. I am able to browse to my service and I receive the Authentication challenge I expect and all works swimmingly! Now I want to use Fiddler to test this and I have constructed a POST to a specific url and I got a 401 (Unauthorized) error. So I decided to add a base64 string in my Request Header and I am now getting a 500 error.

What I would like to know is, does my Request Header look correct? I am obviously going to obfuscate my Host and base64 string which contains the format username:password for the Authentication challenge.

User-Agent: Fiddler
Host: xxx.xxx.xxx.xxx:xxxx
Content-Length: 185
Content-Type: text/json
Authorization: Basic jskadjfhlksadjhdflkjhiu9813ryiu34

5条回答
混吃等死
2楼-- · 2019-03-08 23:05

Newer versions of Fiddler (I tested in v4.6.20172.31233) will create and add the necessary Authorization header for you automatically if you specify the username and password in the Composer URL field like so:

https://SomeUser:SomePass@sitename

Upon executing, this strips it out of the URL and turns into an HTTP header like:

Authorization: Basic U29tZVVzZXI6U29tZVBhc3M=
查看更多
我想做一个坏孩纸
3楼-- · 2019-03-08 23:05

I found that in Fiddler 4, all I had to do was check the Automatically Authenticate option that is on the Rules menu.

查看更多
可以哭但决不认输i
4楼-- · 2019-03-08 23:16

I know this is an older post but when I first was looking at how to do this I came across this post and knew it was the answer but I still didn't know things like did the credentials need to be coma separated etc. So, just in case this might help someone out here are my notes for Fiddler I put together for a JSON POST.

First you need to Base64 encode your "username:password"
    • Go to Tools | Text Wizard | To Base64 in dropdown

Post a message in the Composer tab
    • Change the type to POST in the dropdown.
    • Put in the URL
    • Add the following to the top header section.
        ○ Authorization: Basic ReplaceWithYourEncodedCredtials=
        ○ Content-Type: application/json; charset=utf-8
    • Add some JSON content to the body
        ○ [{"Address1":null,"Address2":null,"BirthDate":"1967-10-06T00:00:00","City":null,"CompanyHireDate":"2011-06-03T00:00:00","EmailAddress":"myEmail@company.com","EmployeeNumber":"112233","FirstName":"JOHN","LastName":"DOE","PhoneNumber":null,"State":null,"UserName":"JDoe","ZipCode":null}]
查看更多
淡お忘
5楼-- · 2019-03-08 23:18

Fiddler has a tool that does the Base64 for you. Just create your string: username:password and then go to Tools -> TextWizard and enter the username password combo and choose ToBase64. Copy and paste that into your Authorization header and you should be good to go.

查看更多
forever°为你锁心
6楼-- · 2019-03-08 23:24

AlexGad is right. Once the ToBase64 encoding is created, under the header while composing the request, add the following line:

Authorization: Basic [encoded_value]

Now execute the request, it should work! :)

查看更多
登录 后发表回答