Support for HTTPS and authentication in HTTP plugin

Hi: I have a use case where my REST endpoints require using HTTPS and authentication using username and password. Is it possible to do that using the HTTP plugin?

Hi @nav_dhillon,

I often use the HTTP plugin with authentication, but am not sure how to use it with login + password, it depends a bit on how it is implemented on your server. For example, is it using “code flow” or something else?

So it sounds a bit like it should be an extension written in C# so you can pop up a nice UI which asks for user name and password and does everything in the right way.

When I have used it, i add a Authentication HTTP header with a token like: “Authentication”, “Bearer ###################”.

Do you know which type of authentication your REST endpoint supports?

Thanks for the response, @rolf_madsen
I’m trying to do something like this with Basic Auth (an example from bash):

curl -u <username>:<password>

Just trying to access that endpoint with TAP. I tried adding username/password to headers in a Request step but didn’t work for me. Maybe I missed something simple

Ok, well I am not 100%, but I think you need to base64 encode <username>:<password> and then add a header like:

“Authorization”, “Basic U29tZWJhc2U2NGVuY29kZWQ=”

Source: Basic access authentication - Wikipedia

Thanks, Rolf. Your suggestion was correct.
However, in my case I still have an error: The remote certificate is invalid according to the validation procedure
It might be worthwhile to add support for such cases as described in this answer where the user can enable a Step setting (disabled by default) to allow for specific certs using a hash string or ignore certain policy errors.

Hi @nav_dhillon,

Maybe we should add some settings to allow adding new trusted root certificates

I guess we could add an “unsecure” mode like CURL has. How did you get around this issue?

@rolf_madsen : I was thinking of a change along the lines of the following to get around this:

    var handler = new HttpClientHandler()
    handler.ServerCertificateCustomValidationCallback = (message, cert, chain, sslPolicyErrors) =>
        if (stepSetting == true)  return true; 
HttpClient = new HttpClient(handler)

I agree, having it as a user configurable step setting (disabled by default) makes sense

Ref: [1][2][3]

Could you create an issue or pull request with this on the code repository?

Sure, I can do that. I’ll get to it next week

Hi @rolf_madsen : I have the changes ready but couldn’t push a branch to the repo. Could you please add me to the HTTP project on GitHub?

Hi @nav_dhillon you should be able to fork the project and then create a Pull Request without needing any special privileges.

Got it, thanks Brennen

1 Like