V4.1.0 ASP.NET API 'Username' Authorization is not working

Wappler Version : v4.1.0
Operating System : MacOS
Server Model: ASP.NET
Database Type: MSSQL
Hosting Type: IIS

Expected behavior

Entering API Authorization details for Username and Password should fulfil Basic Authorization requirements for making an API call

Actual behavior

The API call is not Authorized with the details provided under Authorization: Username method. However, if the Basic Authorization (Base64 Encoded) details are entered in the Headers section, then the API calls are authorised correctly.

How to reproduce

1. Create an API Action with the API url
2. Select Method - GET or POST
3. Select Authorization Method: Username
4. Enter Username and Password details
5. Click on Define API Schema - API call is unauthorised
6. Remove Authorization Method: Username. Instead enter Base64 encoded Basic Authorization in the Headers
7. Click on Define API Schema - API call is authorised correctly for the same credentials as provided under Username Authorization method

On a related note: I used the same auth method a few days ago in NodeJS project and it worked/works fine.
But I was thrown off by the weird name - USERNAME. It was earlier correctly called BASIC.
Not sure when you guys changed it, but its incorrect and should be fixed as well.

If you want, you can just add help text explaining what Basic means.

I’ve tested the ASP.NET Api with basic authentication and it just works fine. I’ve tested it by using https://requestinspector.com/ and inspected the headers that were send. Could you perhaps also test what is being send in the headers in your case? Do you have some non-ascii characters in the username or password perhaps.

I agree with you, I also didn’t know directly when he mentioned the Username method that it was the basic authentication. Perhaps @George could change that back to Basic again, since in most api documentation they also call it that.

The API request fails when I enter username and password separately under the Authorization: Username Method and click on Define Schema to fetch the schema (screenshot attached).

But if I convert the username and password to Basic Authorization (Base64 encoded string) and enter it in the Headers section, it makes the API request correctly and fetches the schema as well.

Both username and password strings contain letters and numbers only. I have tested the API endpoint in Postman and API requests are successful with username and password entered separately.

So the error is only within Wappler with the fetch schema and not with the API endpoint?

I have done some more testing with 2 different API endpoints and here are my findings. In both cases I setup Authorization: Username Method to provide username and password credentials.

1. API url: https://lookup.plivo.com/v1/Number/{PhoneNumber} : In this case, it is an issue with the fetch schema. The API endpoint worked correctly from the Client UI.

2. API url: https://api.plivo.com/v1/Account/{auth_id}/Message/ : In this case, both fetch schema and API endpoints don’t work; I keep getting url authentication / unauthorised access error. It works correctly only when I provide Basic authentication in the Headers.

Please note that the second API has {auth_id} in the url, which I’m adding to the url from a SetValue step in the API action.

I don’t know whether there’s a different method to setup API actions for urls that have requirements like {auth_id} as part of the API endpoint.

The fetch schema in Wappler was indeed missing the authorization headers, this will be fixed in the Wappler update.

This has been fixed in Wappler 4.2.1

This topic was automatically closed after 46 hours. New replies are no longer allowed.