Hello!
I'm trying to retrieve data from my OData service that uses basic authentication. In some cases, OData server returns 302 Found or 301 Moved Permanently HTTP status code with URL for redirect in Location header. All works fine via browser, but Excel shows me "401 Unauthorized" error message in case when server returns 301/302 HTTP code. If server doesn't return 301/302 code, all works fine.
So, for example, I have my service with basic authentication on "http://localhost/odata". When client makes a request to "http"//localhost/someservice", he gets 302 Found HTTP response with "Location=http://localhost/odata" HTTP header. After that browser shows me login form by "http://localhost/odata" address, but Excel throws an error with 401 Unauthorized.
Please help, is this an issue with Excel or should I return a different response from OData service in case of redirect?
I've tried to compare the requests from a browser and from Excel using Fiddler. The only major difference I've found is "Connection: keep-alive" header on the redirected request to "http://localhost/odata": request from a browser has this header and request from Excel hasn't.
It seems that Excel doesn't pass username and password for the request to redirected URL. I debugged case when Excel connects to "http://localhost/odata" directly and I saw that Excel makes request, server returns 401 Unauthorized response, and after that Excel passes username and password in HTTP headers. In case when Excel connects to "http://localhost/someservice" it recieves the same 401 Unauthorized response with WWW-Authenticate: Basic header, but doesn't pass username and password at all, just throws me an error.