Is there anyway to do HttpAPI + Basic Authentication

Goals: To do basic authentication without using Session as authorization. This allow direct client directly access API without the need to use Login method.

After some searching in the forum, i found a post for authorization method using ApiSimpleAuthenticationManager. Which is good but not exactly what i need. And i have further question for using ApiSimpleAuthenticationManager.

When does the Session manage by ApiSimpleAuthenticationManager expired? How do we set its duration? can we set it so that it wouldn’t expire?

If the session is unable to customize, I would have chosen to do basic authentication instead.

Thank you for your time.


Here is the sample server that uses HTTP Basic Auth: (60.6 KB)

I’ll log an issue to add the authentication manager class from this sample into core Remoting SDK

It is managed by the same Session Manager as all other server sessions. It is possible to adjust the session manager settings to increase the session timeout to say 1 year (so sessions can be considered as non-expiring)


Thanks, logged as bugs://83910

On the TimeOut Session Manager

the value ‘TimeOut’ is Integer type, i would like to know whether it meant minute or second?

I had tried my hand it. I think it was minute but I was sure. And I hope this is the right place which to set the Session time out.


    server.NetworkServer.ServerChannel = new IpHttpServerChannel();
    server.NetworkServer.SessionManager.Timeout = 1;
    server.NetworkServer.SessionManager.OnSessionExpired += SessionEventHandler_OnSessionExpired;
    server.NetworkServer.Port = 8085;


Yes, this is the correct place. However if you want to move this initialization code to a different place (f.e. if you do not want to have infrastructure code in the program startup class) you can define a custom Network Server (if needed I can provide a sample for this).

The Timeout property is set in seconds.

However the expiration timer is run every 60 seconds. So even if you set expiration timeout to 1 second the session will be destroyed only when the expiration timer is run. So it can be alive for up to 60 seconds.