Hi: I have a use case where my REST endpoints require using HTTPS and authentication using username and password. Is it possible to do that using the HTTP plugin?
Hi @nav_dhillon,
I often use the HTTP plugin with authentication, but am not sure how to use it with login + password, it depends a bit on how it is implemented on your server. For example, is it using “code flow” or something else?
So it sounds a bit like it should be an extension written in C# so you can pop up a nice UI which asks for user name and password and does everything in the right way.
When I have used it, i add a Authentication HTTP header with a token like: “Authentication”, “Bearer ###################”.
Do you know which type of authentication your REST endpoint supports?
Thanks for the response, @rolf_madsen
I’m trying to do something like this with Basic Auth (an example from bash):
curl -u <username>:<password> https://example.com/my_endpoint
Just trying to access that endpoint with TAP. I tried adding username/password to headers in a Request step but didn’t work for me. Maybe I missed something simple
Ok, well I am not 100%, but I think you need to base64 encode <username>:<password>
and then add a header like:
“Authorization”, “Basic U29tZWJhc2U2NGVuY29kZWQ=”
Thanks, Rolf. Your suggestion was correct.
However, in my case I still have an error: The remote certificate is invalid according to the validation procedure
It might be worthwhile to add support for such cases as described in this answer where the user can enable a Step setting (disabled by default) to allow for specific certs using a hash string or ignore certain policy errors.
Hi @nav_dhillon,
Maybe we should add some settings to allow adding new trusted root certificates
I guess we could add an “unsecure” mode like CURL has. How did you get around this issue?
@rolf_madsen : I was thinking of a change along the lines of the following to get around this:
var handler = new HttpClientHandler()
handler.ServerCertificateCustomValidationCallback = (message, cert, chain, sslPolicyErrors) =>
{
if (stepSetting == true) return true;
....
}
HttpClient = new HttpClient(handler)
I agree, having it as a user configurable step setting (disabled by default) makes sense
Could you create an issue or pull request with this on the code repository?
Sure, I can do that. I’ll get to it next week
Hi @rolf_madsen : I have the changes ready but couldn’t push a branch to the repo. Could you please add me to the HTTP project on GitHub?
Hi @nav_dhillon you should be able to fork the project and then create a Pull Request without needing any special privileges.
Got it, thanks Brennen