How to find out the authentication method and pass the right info in my query?

john asked on 16 Dec 2022, 03:39 PM

Hello,

I want to automate the download of a file in a website that requires authentication.

I've used Fiddler to look at the authentication method and to find out the url and parameters to download the file I need.

I manage to call via Postman a first POST that gives me a token (using basic authentication), but then, when I try to call the GET url, it says I am not connected but I cannot find out the authentication method (I can see no WWW-Authenticate header in the previous calls made when sniffing with Fiddler).

How can I know the authentication method needed for the download, and where can I find this info in Fiddler? (I have tried to pass the token via the Bearer Token method, setting the token retrieved from my first POST call, but that doesn't work (401/Unauthorized).) Can it be via cookies? If so, how can I build the right cookie and pass it to my GET request?

Thanks in advance,

1 Answer, 1 is accepted

Nick Iliev
Telerik team
answered on 19 Dec 2022, 06:36 AM

Hello John,

The best approach would be to share a sample session/SAZ here so we can look into how the server communicates with the client. Note that if the information is sensitive, you should probably investigate with trusted parties.

The above said, it is hard to pinpoint an authentication method without looking into the session specifics. However, a server will usually instruct the client that authentication is expected (through the WWW-Authenticate header). The client should respond and verify that the authentication is taking place (through the Authorization header). Bear in mind that if the authentication is pretty much anything different from Basic Auth, like Digest or NTLM, the authentication details will be hashed, meaning irreversible. That means that even if you know the authentication method, you still might not be able to construct a proper response that will be authenticated.

Regards,
Nick Iliev
Progress Telerik
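
An added example, not part of the original thread and not Fiddler or Telerik code: one way to check the request and response headers of a captured session for where credentials actually travel (an Authorization header, a WWW-Authenticate challenge, or a cookie the server set earlier). The sample exchange, host name, cookie name and function names are constructed assumptions.

```python
from http.cookies import SimpleCookie

# Constructed sample exchange (not from the thread): a login POST with Basic
# auth, then a GET that carries only the cookie the server set on login.
SESSION = [
    {"request": "POST /api/login HTTP/1.1\r\nHost: app.example.test\r\n"
                "Authorization: Basic dXNlcjpwYXNz\r\n\r\n",
     "response": "HTTP/1.1 200 OK\r\nSet-Cookie: SESSIONID=abc123; HttpOnly; Secure\r\n"
                 "Content-Type: application/json\r\n\r\n"},
    {"request": "GET /files/report.csv HTTP/1.1\r\nHost: app.example.test\r\n"
                "Cookie: SESSIONID=abc123\r\n\r\n",
     "response": "HTTP/1.1 200 OK\r\nContent-Type: text/csv\r\n\r\n"},
]

def parse_headers(raw):
    """Return (start_line, [(lowercased_name, value), ...]) from raw header text."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    pairs = [line.split(":", 1) for line in head[1:] if ":" in line]
    return head[0], [(n.strip().lower(), v.strip()) for n, v in pairs]

def scheme(value):
    """First token of an Authorization / WWW-Authenticate value, e.g. 'Basic'."""
    return (value.split() or ["(empty)"])[0]

def describe_auth(session):
    """For each exchange, list how credentials were offered or requested."""
    report, known_cookies = [], set()
    for ex in session:
        req_line, req = parse_headers(ex["request"])
        status_line, resp = parse_headers(ex["response"])
        found = []
        for name, value in req:
            if name == "authorization":
                found.append("request Authorization scheme: " + scheme(value))
            elif name == "cookie":
                # A cookie the server set earlier in this capture is a session candidate.
                for c in sorted(set(SimpleCookie(value).keys()) & known_cookies):
                    found.append("request replays server-set cookie: " + c)
        for name, value in resp:
            if name == "www-authenticate":
                found.append("server challenge: " + scheme(value))
            elif name == "set-cookie":
                for c in SimpleCookie(value).keys():
                    known_cookies.add(c)
                    found.append("server sets cookie: " + c)
        report.append((req_line.split()[1], status_line.split()[1], found))
    return report
```

Calling `describe_auth(SESSION)` returns one `(path, status, findings)` tuple per exchange; a download request whose only finding is a replayed server-set cookie points to cookie-based session authentication rather than a header scheme.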
