HttpWebRequest.PreAuthenticate Property

Definition

Gets or sets a value that indicates whether to send an Authorization header with the request.

C#
public override bool PreAuthenticate { get; set; }

Property Value

true to send an HTTP Authorization header with requests after authentication has taken place; otherwise, false. The default is false.

Remarks

Caution

WebRequest, HttpWebRequest, ServicePoint, and WebClient are obsolete, and you shouldn't use them for new development. Use HttpClient instead.

After a client request to a specific Uri is successfully authenticated, if PreAuthenticate is true and credentials are supplied, the Authorization header is sent with each request to any Uri that matches the specific Uri up to the last forward slash. So if the client request successfully authenticated to a specific Uri that contains the following:

http://www.contoso.com/firstpath/

Then the Authorization header for preauthentication is sent with each request to any of the following Uri instances:

http://www.contoso.com/firstpath/

http://www.contoso.com/firstpath/default

http://www.contoso.com/firstpath/default.html

http://www.contoso.com/firstpath/sample.html

However, the Authorization header is not sent with requests to any of the following Uri instances:

http://www.contoso.com/

http://www.contoso.com/firstpath

http://www.contoso.com/secondpath/

http://www.contoso.com/firstpath/thirdpath/

If the client request to a specific Uri is not successfully authenticated, the request uses standard authentication procedures.

With the exception of the first request, the PreAuthenticate property indicates whether to send authentication information with subsequent requests to a Uri that matches the specific Uri up to the last forward slash without waiting to be challenged by the server.

The following dialog between client and server illustrates the effect of this property. The dialog assumes that basic authentication is in use.

PreAuthenticate is false:

Client: GET someUrl

Server: 401 WWW-Authenticate Basic

Client: GET with Authorization headers

Server: 200 OK

Client: GET someUrl

Server: 401 WWW-Authenticate Basic

Client: GET with Authorization headers

Server: 200 OK

PreAuthenticate is true:

Client: GET someUrl

Server: 401 WWW-Authenticate Basic

Client: GET with Authorization headers

Server: 200 OK

Client: GET someUrl with Authorization headers

If the authentication scheme does not support preauthentication, the value of this property is ignored.

Applies to

Product Versions
.NET Core 2.0, Core 2.1, Core 2.2, Core 3.0, Core 3.1, 5, 6, 7, 8, 9
.NET Framework 1.1, 2.0, 3.0, 3.5, 4.0, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1
.NET Standard 2.0, 2.1