HTTP Basic 验证客户端的原理： 把HTTP头重的ContentType设置为：application/x-www-form-urlencoded 如果HTTP头没有Authorization，那么添加，并把这个设置为“Basic 用户名：密码”字符串组合的Base64编码。

代码片段：

HttpWebRequest request

=

(HttpWebRequest)HttpWebRequest.Create(url);

request.Method

=

"

GET

"

; request.ContentType

=

"

application/x-www-form-urlencoded

"

; request.Credentials

=

CredentialCache.DefaultCredentials;

//

获得用户名密码的Base64编码

string

code

=

Convert.ToBase64String(Encoding.ASCII.GetBytes(

string

.Format(

"

{0}:{1}

"

,

"

username

"

,

"

password

"

)));

//

添加Authorization到HTTP头

request.Headers.Add(

"

Authorization

"

,

"

Basic

"

+

code);

HttpWebResponse response

=

(HttpWebResponse)request.GetResponse(); StreamReader reader

=

new

StreamReader(response.GetResponseStream());

string

content

=

reader.ReadToEnd();

-----------------------------------------------------------

 

 

要在发送请求的时候添加HTTP Basic Authentication认证信息到请求中，有两种方法：

• 一是在请求头中添加Authorization： Authorization: "Basic 用户名和密码的base64加密字符串"
• 二是在url中添加用户名和密码： http://userName:password@api.minicloud.com.cn/statuses/friends_timeline.xml

下面来看下对于第一种在请求中添加Authorization头部的各种语言的实现代码。

先看.NET的吧：

string

username

=

"

username

"

;

string

password

=

"

password

"

;

//

注意这里的格式哦，为 "username:password"

string

usernamePassword

=

username

+

"

:

"

+

password; CredentialCache mycache

=

new

CredentialCache(); mycache.Add(

new

Uri(url),

"

Basic

"

,

new

NetworkCredential(username, password)); myReq.Credentials

=

mycache; myReq.Headers.Add(

"

Authorization

"

,

"

Basic

"

+

Convert.ToBase64String(

new

ASCIIEncoding().GetBytes(usernamePassword)));

WebResponse wr

=

myReq.GetResponse(); Stream receiveStream

=

wr.GetResponseStream(); StreamReader reader

=

new

StreamReader(receiveStream, Encoding.UTF8);

string

content

=

reader.ReadToEnd();

-----------------------------------------------------

using System; using System.Web.Http;

using System.Net.Http;

publicclassAuthAttribute:AuthorizeAttribute

{

    publicoverridevoidOnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)

    {

        HandleUnauthorizedRequest(actionContext);

    }

    protectedoverridevoidHandleUnauthorizedRequest(System.Web.Http.Controllers.HttpActionContext actionContext)

    {

        var response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Redirect);

        response.Headers.Add("Location","http://www.google.com");

        actionContext.Response= response;

    }

}