Step by Step Tutorial - Authenticating to a REST API in c#

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] well hello good morning good afternoon good evening whatever you are that sounded a bit like I wasn't that song Clemence sure anyway enough of this um so you're welcome to another video this is a bit of a follow on to a video I did on them rest api's and how you access them from c-sharp that you had to pretty good response but one of the things that I just didn't think about or I omitted the first time around was how do you deal with that when you need to authenticate and it so it was a really good question that was raised by quite a few people so that's why I've made this video but I'm using the same format as I've used previously and it seemed to work quite well so we use that again unless people tell me otherwise so onto the user story what is it we're trying to do so as a developer I want to call a REST API that requires authentication why do I want to do that what's the value so i can consume its resources or its protected resources and that's often going to be our just an idea that you come o get come up against that being that the api is protected somehow what our acceptance criteria for this video so at the end of the video you should be able to authenticate to arrest API using basic authentication which is of a common form of authentication used oh they are not fantastic but it does the job and a couple of shortfalls with it that we'll go through in the video and the other one is how to FN ticket to arrest API using ntlm authentication or Windows in inverted commas authentication now what the ingredients for the video pretty similar to last time I won't list them alt in too much detail you can read them sure the ones that I will mention are the actual API themself now you should be able to you should have access to a API that does use basic authentication and also one is ntlm authentication oh don't worry as part of this video we're going to spin up a very simple API that uses both of those authentication methods if you don't have access to one as part of another application as part this video I'm using something called JIRA that I'll go into a bit in a minute that supposedly provides basic authentication and it's an actual proper application that somebody else's a something else is developed and it's actually the reason why I started needing to access the API as I had a real business need to do that so if you have an API that uses either basica in tln authentication you can use that but we will spin an API up as part of this video and I'll go through that in expect a snap detail and I've got there 30 to 40 minutes of your time quick bit about the tutorial structure and then all launch into kind of in two parts and for those of you just wanting to go yeah yeah yeah a lot of some of your voice but I just want to go on and understand how to do it part one is basically and doing a self I'm calling self for all the faint occasion handle so you're actually going to write an authentication header in cord effectively and attach it to our request object and before we do that I'm just going to do a little bit of cord connection on the previous and tutorial and that's an important point I try to do step-by-step tutorials and take you through right from the beginning right through to the end now if I was to do that in its entirety for this tutorial would be incredibly long and there really is no need salt if you want to start right from the beginning go back to the other video that I've got there and it's quite obvious it's on my channel accessing a REST API from c-sharp follow that all the way through to the end and then you can pick up this video and start from basically here but there was a bit of an error in that video so I'm I'm just making a correction here and that's in part 1 part 2 then gonna did that deep dive and we'll go into how basic authentication actually works and look a bit at the specification then we're going to set up our asp.net API you don't really need to know anything about it it's very simple if you follow the steps you'll have a working and API that will use both basic and ntlm authentication we're then going to introduce you to the network credential and a little bit about the cadential cache objects and then just finally a bit of an observation by the network credential class did not work for me using jira which is the production system i was talking about and that's it quite interesting well I thought it was anyway okay but almost they are almost into the cord just a little bit about my lab setup everything is over HTTP and the c-sharp restclient is obviously the main thing that we will be working on I use Firefox as my main browser and I included a plug-in called live HTTP headers which allows us to look at the HTTP header classic which is quite useful and in a later part of the video I'm also using edge for various reasons then onto the api's as I say I'm going to be using something called JIRA which is an actual production system a ticketing system that you know software teams use to manage requirements all that kind of stuff and I just have that surfing on our Linux VM and then what you're going to do or what we are going to do is part this video is actually install Internet Information server on your PC and we're going to spin up a REST API that uses basic and ntlm authentication so you don't need jido you don't need linux box i've just got that sparked my setup just in case you're wondering out of that structured click look at the the wireframe that I did this before the application looks pretty much exactly the same as it did before with the exception of a username and password box as part of this tutorial I'm not going to go into how to store these credentials securely or anything like that so basically all we're going to be doing is adding a minute run thing we then have to grip boxes with a couple of radio buttons in it okay we are almost there almost getting to the core that can promise you this is our class diagram from before and we had our rest client class and we had a couple of attributes a couple of methods it's not actually changing that much and if you actually look at the new class diagram we've simply added a few more attributes to handle the authentication type and the authentication technique and of course username and password and a couple of other enumerations in there that you can see I think it's fairly straightforward authentication type you get two basic and ntlm and the authentication technique one Network credential okay so before we delve into the main part of the tutorial I just want to get correct a better than error with the last tutorials called basically I found out it doesn't really trap errors particular error or catch exceptions particularly well which is really important for this tutorial because things like authentication require the the correct trapping of exceptions in essence them see a 401 authorization authentication required exception in inverted commas so let me just put in a bit garbage here in the client last time in it and as you can see here the cord doesn't really handle that very well at all okay so we're just going to tidy that up now I'm using a using statement here and I'm going to change it to a try catch finally blocking in the catch Clause we're going to basically trap the exception we can do things with it if we saw wish in this instance I'm just going to basically write back a adjacent string with the error code just just to give you a bit of overview of what what the change is really about if you look at the using statement definition it's basically a cly finally block and that's all using statement is and effectively in the if you're doing it the way I'm going to do it now using a try catch finally blocking the finally Clause you've basically got to dispose of any objects that you created if you use a using statement it does all that for you automatically but because I'm going to introduce catch I need to add a finally Clause manually and dispose of the request object so just doing that now and you'll have to watch me typing or cut and pasting chords but again that's kind of how I want to do my tutorials do it in painful detail of course if you want to fast forward you can being YouTube which is wonderful okay so I'm just catching an exception here and I don't say all we're really going to do at this stage is just write back a string and I'm just Connecticut I only do this once mr. Tory I'm just going to paste another cord there it's really just because Jason formatting formatted strings can be a bit fiddly and I didn't want to waste time on on doing that so I had that in a notepad and then as I say here's the finally Clause where I have to actually manually check and dispose of any objects that we created which would be taking care of it which would be taken care of automatically had you retained the use of the using statement so hope that's that's clear and that that's really I was just tidying up a bit of a throwback from the last tutorial okay I think we are done I'll get rid of that you don't need that okay it's run it and see what happens go ahead up what did I miss prize for the first person you can see other we go I just must say knee come on okay let's try again so try again yep works when everything's cool now if we just put in a bit of garbage let's see what happens give it a nap yep there we go so it's caught the error and it's just responding back okay so we're going to set up our forms user interface as power the wireframe of the mark that we have oh hopefully not mark and but we did now this is going to be a bit painful if you're going to watch me do this in its entirety but some of you might find it quite hypnotic although others of you will probably just find it quite and fury ating but again in the spirit of how I like to do things I'm going to do it in painful detail so first of all I'm you see what should we do yeah we're going to add in a couple of important things which is a text box for username and a text box for password now I'm not going to do as part of this tutorial is actually go through how you would store those credentials securely but you may want to do but for the purposes of this tutorial we're just going to supply them at one time in the end up text boxes now also doing a couple of very great boxes which you know again I'm just following the the wire flame that I did but I think as we progress through the tutorial we'll probably actually only end up using one of the grip boxes and the two radio buttons by within them and you'll see what I mean when we we come on to doing that so let me just update the properties of the text boxes again you can obviously give it any name you like one thing I will say is this record is all up on the website binary fissile com I think I'll probably flash up here we call the URL on the screen there so yet again the cord is all there and possibly if you're following the tutorial you should it might be easier just to give the text box is the same name that I have given them or maybe not talk to you okay I'm not not sure if I'm happy with her that yeah let's do this over here I think our URL box is a bit too small I like the good thing with visual studio is it allows you to kind of snap things into place and I haven't quite particular as you can see about making sure everything is the same size and even in a silly application such as this you and I'm saying for Jobs worth doing that actually is to see if or Jobs worth doing it's worth doing well so we're you know you need to be proud of what you do even something something like this okay so let's label these up username password okay let's add our radio buttons now so you can see you know a bit to grip boxes one representing the identification type of which we will be covering to inertia toriel basic authentication which is widely used and ntlm or windows forms type of indication there's no real reason why I chose those two I mean I suppose basic authentication is pretty common and the API that I actually need to use claims to use basic authentication and ntlm is also quite prevalent especially if you work in a corporate Windows environment it's quite useful one to use there are other ones and I just couldn't cover them all in this video and then the other grid boxes the the technique so I'm calling the first technique roll-your-own which is basically you'll add a header to our request object manually and construct it manually calling that roll-your-own in the second technique is the network credential class which is provided by the dotnet framework and it's arguably more clever I don't know that's grammatically good good English it's clever on potentially but there are some pitfalls with that I actually couldn't get it to work with my my production API my GIDA api nor go into a bit about what jitta is later that give you some context but this is really about our UI at the moment and the idea is that you select the right video button and say a video buttons to drive you know how you want the client to thing to get not rocket science in terms of a UI I don't think Apple are going to be poor Qing Li anytime soon I think Johnny IDEs job is quite safe ok all works cool password is oblique and while this will just set a default check on each of these radio buttons and we are pretty much done on that okay so just a little bit of a digression I just want to go over and a production in REST API that I was using as part of the development of this tutorial and I'm using this system here called zero I'm sure many of you have come across it before Lords of places use it it's effectively an issue tracking piece of software so we use it for tracking our requirements on these software projects work we're also using like the agile methodologies so you effectively have your requirements in the form of user stories you can see some there and and they've run through an agile wall typically it's a Kanban wall there so very simple Kenneth statuses so you have stuff in your backlog stuff you want to do stuff that you have selected that you're definitely going to develop stuff and progress and stuff that's done and you just move your requirements through the wall depending on the state that's basically it I actually use it for tracking and storing what videos I'm going to do next so again it is a Kanban or you just assume you move your via sting's through the wall depending on the state and and lastly in the company that makes Jia of which I have no affiliation a provider of SD API there you can see it returns just back a big blob of JSON that contains the details of that particular story card and we actually needed to harvest that data and put it into our reporting repository which is why I can I get into this in the first place I'm just using a song when Jason edited just to kind of look at the Jason's son and we can't parse that and pop it into a database and there's all sorts of stuff with it just to see how we're tracking all that kind of thing so that's Jude I'll just log out and if you then try to access the API again I'll just paste in the URL you get an access denied no they provide a number of authentication mechanisms the first one and the only one I'm going to use in this territorial but regards JIRA is basic identification and you can see here just testing and applying it returns or one that's all cool so we're going to implement a self ruled sanctification header to authenticate to this jitta API and we're also going to use that later and our API that we spin up one thing I'll see if you're using a production API if you're using GE or whatever please read the documentation that they provide because honestly and there are some really believe are know there's some really important things in the documentation that will save you a lot of pain and I actually had a lot pain with the JIRA API when it came to using the network credentials the reason being and I'm just highlighting here that they don't really implement basic authentication as it's supposed to be implemented anyway come on to that later so yes here we are going to actually start coding our self gold authentication header moon earth plane ticket I think Takei excuse me against the gia REST API using a basic authentication so first of all I just want to I'm just going to follow our class design diagram and add in our various enumerations that basically tell us what the authentication type is and the identification technique is it's possibly a bit of overkill for something of this nature but look I find it helps illustrate the point and drum at home a bit and it doesn't really take that long possibly with the exception of somebody like myself who isn't particularly fast type on but you know if you're going to use this going forward in your own project I think it's a good idea to put something like that in because it sets you up and just makes life a bit easier down the track so we'll just update our attributes now again as per our class diagram and again I won't keep saying it but the cord is up on the website so if you don't fancy typing in parallel means copy then it's real fun of my formal tutorial so I like to take the cordon if I buy a book on something I can indeed try the CD ordinary these downloads of the cord I've very rarely download the cord and just run it I always like follow it and type it in because I find I actually learn a lot better than that and you learn never to be make mistakes and sometimes and a lot of times you'll actually find arrows in the cord of the book you know some there are few things hopefully they'll be no arrows in this cord it's 100% perfect guaranteed I see with my tongue planted firmly in my cheek okay so now on to the the really interesting stuff I'm basically going to construct a string and then add it to our request a head of attribute and you'll see that in a bit so let's just create a start to create a string and we just call it something like off header now this makes bit is a bit and verbose I'm just going to type it in follow along but we'll delve into basic authentication a bit a bit in a bit more detail later on the tutorial but effectively you've got to convert the username password to a base64 string using ASCII encoding okay which is basically just what we're doing here and the the basic authentication specification goes into this and I've got references to that on the blog and later on in the video as well so it's important that the username and password are delineated by a semicolon in using base64 conversion and we're using ASCII encoding and I'll flip back to the API documentation which is you know it will show you kind of what that will produce and any simply we just add add it to our requests object request object header attribute and it's important that we can a construct the rest of the header here so it's important that you have authorization here and it loads me to use a as ad instead of an S being a bit living in Australia we use an S there but at work if we spelt it that way so we have to go with our American cousins and yet we then put in basic so we're basically use all attribute assuming it's set to basic and then we'll just add our off head or string that we constructed and you can see here on the G documentation that they basically outline what the header should look like and you can see that there what it will look like once it's encoded so hopefully ours should look like that so often ization basic hopefully if it's set to basic which we will do in when we go back to the click button event of our client and then we add in the encoded username and password that was important to note that that's not accepted at all if you're sending that over HTTP is totally not encrypted so just we'll cover that again a bit later it might look gobbledygook but it's absolutely not safe to send that over a HTTP connection you really want to use HTTP and it will see again we went a bit more detail on that later I just kind of want to knock the cord out here so that you have some working cord using basic authentication with a self ruled header because it's kind of kind of dallied long enough almost there 20 minutes bit more I'm still not really got to the you know what I'm sure you're here for so I want to get that knocked out now and so we're just setting as I see some of the attributes on our on that object that once VA push the button the magic should happen okay then we just said say that as well okay I think we're ready all I need to do is put in the URL to our rest zero rest API and yep they were getting the 401 response or real not authenticated the video buttons remember at this point in time are not doing anything and I'll put in my username and password for my G da instance there we go [Music] but a few mo they are yeah sort of tons factor the JSON payload from JIRA using basic authentication and I'll just you know validate that that's the case but yeah I think I'm probably over doing it there and we'll just clear that I'm doing a loved one there we go so we know our client is now using basic identification using a header that we've effectively constructed ourselves like so now we're going to do a bit on basic authentication how it actually works or should work okay so the specification is RFC 261 and check that on online links to in the blog so what should happen as promised a snazzy interaction diagram is the client in this case us will send up a get request to the server now several then should return a 401 unauthorized response and as part of the HTTP response will actually tell you what type of this indication is being used in this case you can see here is basic alright then the client should send another get request with the authentication attached and then you'll get the 200 Oki response no it's just important to note that what we did in the last segment we actually provided the authentication header in the first request excuse me and that authenticated us through and that's how that worked with both our jitta API but was important and I'll just go back to did flash up briefly on the screen the jitta API documentation what they actually see is the leading ascent knows you can probably tell Gia does not supply a typical authentication challenge some HTTP client software expect to receive an authentication challenge before they will send an authorization header so this is really important when it comes to the network credential class because it effectively really needs salt which it doesn't really need it does me that it expects basic identification to be implemented as you can see on the screen there and that means it needs that unauthorized response in order for it to then construct and supply the authentication header and then the last thing that we just Platt supply that as part of the first request and all works fine in that what took years you can see there when we come on time in a minute using the network credential class with Jia it will fail doesn't work and the reason that mark is because gia or Atlassian have not implemented basic authentication in this to two phase challenge response which is really have it's supposed to be implemented and we'll see that when we actually in the next bit spin up our own API that does follow this method or basic authentication this challenge response method and the network cadential class works fine with an API set up a basic authentication when it's implemented in this fashion okay so I just thought that as as important to go over it's useful to kind of pick that apart I think and understand how it works and we'll also actually look at the HTTP header traffic in a bit as well in the next section using that plugin for Firefox it's called live live headers or something like that but that's coming up next right we're going to install a is mode you may already have this installed that I just thought put the seven for completeness and the reason we're putting the is on is because we can play with the authentication options in much more detail so control panel programs turn on Windows Features Internet Information Services and you just you just check the stuff that you actually want obviously so programmability and security and make sure the authentication types you want are selected click OK and actually go away and you know install our install a is and you can check the install by just go in to localhost that's all to know cool okay so we're going to set up our own API no and I'm just going to create a shell Visual Studio project I'm not going to go into too much detail on how this works for another time but Visual Studio and new project okay and then c-sharp web asp.net application give it a name nothing too strenuous just yet and then select Web API as a default project and then NPC selected there and then just change the authentication tape to Windows Phone oh don't worry too much about that but just provide that for the moment and that will just create a shell project for us now we can run it here our visual studio and it won't actually use our instance of a is that we start it up it will use a local version which we'll see in a minute any of it you just want to pop into the controllers folder and we want to update one of the methods and the values controller again don't worry too much about this and this is just a method and it basically an API method and we're just going to update some hard-coded values that will be returned to our client can be anything in fact you don't even have to do this but I'm just doing it just to kind of help crystallize where that data is coming from it's basically coming from this API and of course you know you can feel all sorts of fancy stuffing that would actually do something proper we want to we want to in protect the API so only require authentication and it's going to hard code the user that we want to allow access to the API there's all our games lots of other ways of doing this I'm just providing my machine name and my user account because I'm running local and I'm not running in a domain if you don't know what I'm talking about then drop me a line on the on them on the messaging thread on YouTube and I can explain that better again we're just running this mode the version of AI is that comes with visual studio you can see there's a comport number a dynamic port number after a local host which gets the same W time you run an application in this way so we're still not touching our eye is instance yet so if you just access the API lo so we're just accessing a front page of the application we just need to put in Americans remember what is a vision to actually access the API method that we just updated just saw and now we go to tons of okay so that's just kind of seeing this its kind of relatively wild little key but what we want to do now is deploy it to iis and it's effectively as far as i know we are just the method you're using is effectively just a file copy happy to be corrected on that but it's all running locally i is my visual studio is running on the same machine so we're just doing a filesystem deploy and just bozer anyway off really i'm sure if you have a live website you probably have a proper location where you want to store it will just create a dedicated folder for it give it the same name as on so project all you don't have to and next select that option see that and that should just basically deploy it to that fold on again I think it just copies files maybe if I make this smaller stuff in the background but we have one more thing to do and we have to go into I is manager and we have to configure it up as an application on iis now again there's other ways you can do this but I'm just doing it this way for the purposes of this tutorial I already have another application near that will create a new one and give it the same names and project and then all you do is just browse to the file location fear thats it's okay so that's done let me have a new application in the black so that in a minute now the reason I went to all this trouble of installing IAS is that you can kind of fiddle around with the authentication settings and a lot more detail and it works a lot better that's why I did it okay so we'll just enable basic authentication and you can see that it actually gives you an SSL one there's not SSL is not installed and it's not secured over SSL so let's see if that what now we just go to localhost direct no we don't need that dynamic port number which only happens when you run it from visual studio this is IAS proper mode so let's go to the kind of home page or let's go to an application we'll just give you the kind of homepage all the legal that's not protected by authentication yet we actually have to try and access the EPI method in the relevant controller and then we get a challenge that's basically if you go back to the sequence diagram we're looking at that's the first challenge coming back from the server saying your unauthorized please provider you know credentials that's the first part that challenge response and if you don't supply anything it keeps challenging us to provide something which we'll do now and again this is using basic authentication in the Regal so those are values are returned back from that API method okay cool all right so let's just a go back into our client or Rachel rest client and just see how that how that's looking though I can find the damn thing about so many different copies over there I think that's the right one okay okay so here's our rest client that we know and love let's see if we can I think to keep using our basic of self or all basic authentication header it should work okay and just copy that out pasted in click cause we're getting 401 because we're not actually supplying any credential so let's supply them know and again radio buttons aren't doing anything yet we're just using our cell fault header there you go so that works so basic identification self ruled as with a previous example the jitta works fine but let's see what happens if we then go in and change the authentication type to Windows so we'll disable basic authentication and we'll enable Windows authentication and let's see what happens with our client now I'm sure it won't any surprise what will happen but I just want to do it anyway just to kind of crystallize it for you again you get a 401 as we would expect but let's put in our credentials I've been in mind our API is now using Windows authentication I'm still getting a photo 1 because our self ruled hair done I'll just double check the password self ruled header is constructing a basic authentication header so let's just switch back just to label the point and there at work so I've got they even changed the credentials I just changed the authentication type and it works ok so that's the next section I'm going to solve that problem okay so just to leave that about the HTTP header classic it just kind of brings the whole thing home or you but before we fight finish off here's our API and we'll just select basic authentication and I'm using this live HTTP header plug-in for Firefox so this is monitoring the HTTP header graphic effectively so basic identification let's blows to an API there you go so you can see the the get request of a scroll up and then the response from the server and it's specifying that basic authentication is basically being used so that's the first of the two part leg of the basic authentication sequence diagram I'm not putting my password then because if I show you that you'd be able to decrypt what it is but let's just do it for Windows authentication do exactly the same thing and you'll see what the response header is like and again the network credential class uses this there you go ntlm on my instance okay I've teased you enough let's go on to the network credential class and finish finish this thing off okay yes we're finally here the network credential class it's taken us a long time to get yeah but I think it's been busted so well that's why I think anyway you made this agree and I think if you stuck this long you probably think it has been lost it what we're just going to do is we're just going to disable that Fox clip box because to be honest with you it's actually soft posture requirements had I thought about it all we're going to use are the other two radio buttons the technique so we're really just going to use a very simple if statement and just check to see which of the technique buttons are checked and basically very simple logic if the roll-your-own radio button is checked then we're simply going to set the authentication technique on a client object to roll your own otherwise we will set the technique to network credential supply supplies because there's only two radio buttons now a program with wall wall your own then the only you know authentication a technique that we're going to use or sorry the only authentication type we're going to use is basic we're not going to create our and an ntlm header via roll-your-own so if it's roll-your-own we're only ever going to go with basic authentication on the other hand if we're using the network credential then we basically let a network credential class decide what M particular indication is going to be used that's that that's the whole clever point of it will actually be able to detect assuming the API is up as prior you know the correct specification so as you as you may recall in our interaction diagram the original challenge original request to a basic authentication API Wolverton our 401 response and will actually have the authentication type in there be it basically ntlm and in the network credential class uses that to then construct a head off as it sees fit so that that's all this logic is is a bit long-winded but I'm sure you can follow that what I've put on the screen there so yeah just didn't go do this now so hopefully that makes sense the chords very straightforward now we'll just jump over to our actual class and we'll make a few changes here so basically we're just going to do a simple F statement and again we're just going to test on the what authentication technique we're using so for using rule rule your own then I'm just going to effectively reuse the same code that the whole ready done for basic authentication I'm not really going to do any changes will make I'm going to make a slight change I'm going to kind a hard code to the town basic into the head of which you know I don't know I wouldn't do that normally I'm really just doing that too I'm going to do that to label the point that this if you're rolling it on we are only going to use basic authentication so I'm not going to have that as a potential dynamic value so we'll just put that in here right now again you probably didn't do this in the real system just to label the point of a step in a bit of commentary there so again the off type will always be basic in this tutorial nav maybe that's a bit of homework for yourself if you're interested in constructing a head of string for ntlm authentication or something else some other two event identification you can investigate that otherwise we're going to assume because I've only got two techniques we'll be using a network credential and here we are here's a network credential class now and you can just see there basically what it does and interestingly you know the you know the constructor I'm using me just basically personally the username and the password we don't even tell it you know what type of authentication is being used it works out for itself now when we come on to the credential cache and IV bit and it's very you're not going to do too much on it you can actually said you can supply multiple credentials using different authentication types and that's where you do specify authentication type what we do is we just add the network credential to the request objects accidentals attribute that's it legal it's really that simple has taken us 45 minutes to get to this stage I could have just battled off first time then but I thought say we take the long way around okay so it's the testing though within the final four long so here's our API that we spun up and it's currently configured with basic authentication so if I just find the URL and got that 100 in a notepad to the left of the screen there let me just paste and paste it in should I say and that gives us a full one because a lot supplied to username and password so let's do that now they haven't seen this working before so it should should work fine if it doesn't work for the something bad to live on we go it looks cool so let's switch our technique to Network credential the the stuff they've just done leave the username and password as is Network credential class and it works so it's basically identified that it's a basic authentication scheme in it and it's authenticated for us play it cool so let's cool and configure our API for Windows authentication let's tie now if you remember our rule your own header did not work indeed it doesn't gives us a 401 let's switch over and they have success so again network credential class is very cool it can determine if the API authentication scheme is implemented correctly you know how to construct the appropriate headers it's very cool let's just switch back to the JIRA API that I had been talking a lot about in this video and if you recall what tool key with our basic authentication header they'll be supplied but I was saying it doesn't work with Network credential class and then I actually read the documentation and understood why it wasn't working I'll just change the username password because it's geo users it's on local date about my instance uses its own local database so Network credential class legal doesn't work for one but hopefully of basic stuff will work as before yep it does so you know you can imagine Mike and a puzzlement and I couldn't get that to working and that's why I spun up my own API is to test that and uncovered the fact that I should actually read stuff a bit of our final bit here on the website please take a look a bit on the credential cache and I was going to do a bit on that coding and so on so forth I decided against it because having done what we've done so far the MSDN documentation is very easy to follow residential cache just allows you to add multiple credentials and then basically attach it to your request object in the same way that we did for Network credential that you can see there is for creating multiple convential types against different authentication schemes and you can add as many as you like and yeah it will allow you then to think it through if one doesn't work and we can slightly different endpoints and all that kind of stuff but the documentation is pretty easy to follow so if you've come this far you should be able to follow it no problem at all ok so that brings us to the end of the video I've just put a picture of the website up there please take a look it has all the cord and again step-by-step instructions effectively what you've seen in the video I think it's pretty much in the same order now appreciate I do take a long time to get to the point but that's kind of how I'm targeting these videos because I find some things even on a relatively seasoned developer rewards might actually pop my core job title anymore and I still think that I'm trying to follow some tutorials online that they assume so much knowledge and they go so fast but not that great so I do take a long time to explain it but hopefully that should benefit to you that that's kind of how I like here to see tutorials if you've any feedback positive and one city negative but I'll say constructive please leave it in the comments below the video I'm really really keen to get as much feedback as I can my positive stuff is great that's always a nice boost to the Eagle but actually more interested in constructive comments or suggestions for new videos or how I can improve or how I can do things differently because it just means I can target the content to you guys more appropriately and hopefully build that they go audience base and you know I can curb and just make lots of money from YouTube that would be nice wouldn't it anyway I'm going to shut up now and thank you again for watching and hopefully I'll have my next video up and relatively soon thanks again for watching

Info

Channel: Les Jackson

Views: 103,243

Rating: 4.7836337 out of 5

Keywords: c#, REST, API, NetworkCredential, CredentialCache, Authentication, NTLM, Basic Authentication, Client, RFC2617, NTLM Authentication, .Net

Id: XX5pn4pJ4b0

Channel Id: undefined

Length: 50min 15sec (3015 seconds)

Published: Wed May 03 2017