Default credentials

[Wild Wind]

Hello,

I have an application which calls a web service across the
Internet from a client machine.

The site that I have deployed the application to is such that
to browse the Internet using a web browser, a person needs to
do the following:

(a) ensure that a proxy server address is specified;

(b) enter a username and password into an authentication dialog
that comes up whenever they start up the web browser.

I am finding that as a result, I cannot connect at all to the
Internet directly.


I have deployed the same application on other sites that use
a proxy server to connect to the Internet by specifying the
proxy server address in my config file and using this address
to create a proxy for the web service using the following code:

Dim WSProxy as MyWebServiceProxy
WSProxy.Proxy = New WebProxy(proxyServerAddresss, True, _
Nothing, CredentialCache.DefaultCredentials)
WSProxy.CallWebServiceMethod()

However, this works at client sites where I *don't* have to specify
further authentication before web browsing. In other words, it
*doesn't* work for the client site first mentioned above.


My questions are:

When someone supplies the authentication details when they want
to use the web browser, are those details added to a CredentialCache?

If so, can I get at this CredentialCache to get these credentials?

If not, should I create my own credentials based on the username,
password and domain that the user normally enters when accessing
the web via a web browser?

TIA,

 

[Wild Wind]

Hello Hernan,

Thanks for your answer.

Is there a way of knowing whether the dialog box that
comes up on my client site requires NTLM or Basic authentication?

As I said, the dialog comes up whichever site you visit using
a web browser - I assume it must be something they have set up
on their firewall.

Will it matter if I just use "Negotiate"?

Also, if I add several NetworkCredential objects to my cache, and add
this cache to my proxy, will it use all of the credentials in the
cache to authenticate until one succeeds?

Thanks in advance,

Akin

 

[Hernan de Lahitte]

If you need to pass certain credentials to your proxy WS class, just use
something like this:

CredentialCache cache = new CredentialCache();
cache.Add( new Uri( WSProxy.Url ), "Negotiate", new NetworkCredentials(
"youruser", "yourpwd", "yourdomain") );
WSProxy.Credentials = cache;

If you use NTLM auth in IIS, "Negotiate" will be fine. If you use "Basic"
auth instead, just put "Basic" where it says "negotiate".
--
Hernan de Lahitte
Lagash Systems S.A.
http://weblogs.asp.net/hernandl


This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Hernan de Lahitte]

Is there a way of knowing whether the dialog box that

comes up on my client site requires NTLM or Basic authentication?

When you first try to communicate with your WS server, you will receive a
header with the authentication method required by IIS. There you have a
sample code that will read the auth. header.

try
{
WebRequest wreq = WebRequest.Create( new Uri( url ) ); //url is your WS
URL.
WebResponse wresp = wreq.GetResponse();
wresp.Close();
}
catch( WebException e )
{
if( e.Status == WebExceptionStatus.ProtocolError )
{
string rawMethod = e.Response.Headers[ "WWW-Authenticate" ];
// rawMethod will has the required authentication method
}
else
{
throw;
}
}

As I said, the dialog comes up whichever site you visit using
a web browser - I assume it must be something they have set up
on their firewall.

If your receive a Dialog asking for your creds with NTLM auth (not Basic)
check out your IE configuration
(Tools/Options/Security/[Custom Level] User Authentication (Prompt for user
name and password) option checked.

Will it matter if I just use "Negotiate"?

This will work only for Integrated Windows Authentication method (Negotiate
will switch between Kerberos and NTLM).

Also, if I add several NetworkCredential objects to my cache, and add
this cache to my proxy, will it use all of the credentials in the
cache to authenticate until one succeeds?

Sure. You may use something like this:

CredentialCache cache = new CredentialCache();

cache.Add(new Uri( WSProxy.Url ),"Basic",new NetworkCredential( "youruser",
"yourpwd", "yourdomain") );
cache.Add(new Uri( WSProxy.Url ),"Negotiate", new
NetworkCredential("youruser", "yourpwd", "yourdomain") );

WSProxy.Credentials = cache;
And depending on your Auth method, the appropiate credential will be used.
Always remember that the DefaultCredentials property contains the system
credentials of the current security context. For client applications, these
represent the user name, password, and domain of the user who is currently
logged in. For ASP.NET applications, the default credentials are the user
credentials of the logged-in user or the user being impersonated.

Regards,
Hernan.

--
Hernan de Lahitte
Lagash Systems S.A.
http://weblogs.asp.net/hernandl


This posting is provided "AS IS" with no warranties, and confers no rights.