Topic: REST Basic authentication only works in localhost

jxzhao

REST Basic authentication only works in localhost
« on: February 06, 2018, 10:16:58 AM »
We are evaluating the Chilkat TCL library. One strange thing we noticed is that when using REST with basic authentication, if the request is sent to localhost, the proper response is received (200). But if using a non-localhost IP, the response is 401 authentication required. We know the request itself and the authentication information are correct by using POSTMAN to verify independently. Does anyone know the reason for this strange behavior? BTW, the Chilkat APIs we used are:

set rest [new_CkRest]
set success [CkRest_Connect $rest $addr $port 0 0]
set success [CkRest_SetAuthBasic $rest $userName $password]
set response [CkRest_fullRequestNoBody $rest "GET" "..."]

Thank you for your help in advance.

Jason

Chilkat

Re: REST Basic authentication only works in localhost
« Reply #1 on: February 07, 2018, 11:40:08 AM »
It's probably because you're not using SSL/TLS. When it's localhost, there's no security issue. Basic authentication is just base64 encoding the username/password and sticking it in the request header. If the request is not protected with TLS, then the login/password is easily obtained by anyone sniffing network packets. I think Chilkat is preventing Basic authentication on non-SSL/TLS connections, except if it's localhost.
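
The policy the reply describes, modelled as an added example (it is not part of the thread and not Chilkat's code): the Basic header is reversible base64, so a client should release it only over TLS or to a loopback address. All function names, credentials and addresses here are constructed for illustration.

```python
import base64
import ipaddress
from urllib.parse import urlsplit


def basic_auth_header(username: str, password: str) -> str:
    """Build the Authorization value for Basic auth (RFC 7617)."""
    if ":" in username:
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic_auth(header: str) -> tuple[str, str]:
    """Recover the credentials from a header value: no key is involved."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def is_loopback(host: str) -> bool:
    """True for 'localhost', 127.0.0.0/8 and ::1; other names are not resolved."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def may_send_basic(url: str) -> bool:
    """Allow Basic credentials only over TLS, or in cleartext to loopback."""
    parts = urlsplit(url)
    if parts.scheme == "https":
        return True
    return parts.scheme == "http" and is_loopback(parts.hostname or "")


def authorization_for(url: str, username: str, password: str) -> str:
    """Return the header, or refuse before credentials reach the wire."""
    if not may_send_basic(url):
        raise PermissionError(f"refusing Basic auth over cleartext to {url}")
    return basic_auth_header(username, password)
```

In the Tcl snippet from the question, the first `0` passed to `CkRest_Connect` is the TLS argument, which is the setting this check corresponds to.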