Asp net webapi basic authentication always fails as 401 unauthorized


ASP.NET is a popular programming language used for web applications. One that face is the problem of basic authentication failing with a 401 unauthorized error in ASP.NET Web API. In this article, we will explore the possible causes of this issue and provide solutions with examples.

Possible Causes

There can be several reasons why basic authentication fails in ASP.NET Web API. Let's discuss some of the common causes:

Incorrect Authorization

One possible cause is an incorrect authorization header sent with the request. Basic authentication requires the client to send the authorization header with the value “Basic” followed by a base64-encoded string of the username and password. Make sure that the header is correctly formatted and includes the correct credentials.

// Example of correct authorization header
request.Headers.Authorization = new AuthenticationHeaderValue("Basic", Convert.ToBase64String(Encoding.ASCII.GetBytes(username + ":" + password)));

Missing Authentication Filter

Another possible cause is the absence of an authentication filter in the Web API pipeline. By default, ASP.NET Web API does not include any authentication filters, so you need to manually add one to enable basic authentication. You can create a custom authentication filter by implementing the IAuthenticationFilter interface and registering it in the Web API configuration.

// Example of custom authentication filter
public class BasicAuthenticationFilter : IAuthenticationFilter
    public Task AuthenticateAsync(HttpAuthenticationContext context,  cancellationToken)
        // Implement authentication logic here

    // Implement other interface methods

// Register the authentication filter in Web API configuration
config.Filters.Add(new BasicAuthenticationFilter());

Incorrect Authentication Logic

Incorrect implementation of the authentication logic can also lead to basic authentication failures. Make sure that your authentication logic correctly validates the username and password provided by the client and sets the principal and identity for the current request. You can use the context.Principal and context.RequestContext.Principal properties to set the authenticated user.

// Example of setting the authenticated user
var identity = new GenericIdentity(username, "Basic");
var principal = new GenericPrincipal(identity, null);
context.Principal = principal;
context.RequestContext.Principal = principal;


Basic authentication failures in ASP.NET Web API can be caused by various factors such as incorrect authorization headers, missing authentication filters, or incorrect authentication logic. By understanding these possible causes and implementing the solutions, you can the issue and ensure successful basic authentication in your ASP.NET Web API applications.

Rate this post

Leave a Reply

Your email address will not be published. Required fields are marked *

Table of Contents