Re: httpwebrequest credentials

Discussion in 'ASP .Net' started by Scott Allen, Sep 21, 2004.

  1. Scott Allen

    Scott Allen Guest

    Hi Cozfer:

    This sounds like a one-hop limitation in NTLM authentication. The
    credentials can make one hop from the client's machine to the web server;
    the web server cannot then use those credentials to access another
    resource on the network from the server.

    The way around it is to enable Kerberos delegation. This allows the
    server to access network resources on behalf of the client. There is a
    KB article on how to get this set up:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;810572

    --
    Scott
    http://www.OdeToCode.com

    On Tue, 21 Sep 2004 09:11:04 -0700, Cozfer wrote:

    >I am having a problem communicating with a remote server (on intranet) using
    >the httpwebrequest object. We have used the object to communicate with other
    >machines previously, but this time we must actually pass along the windows
    >authentication credentials.
    >
    >Our Setup/Problem:
    >-- All internal servers
    >-- Cannot use anonymous/basic authentication...all use Integrated NT auth
    >-- Must use default credentials (cannot specify username/password for
    >credentialcache, as we must use the person who is logged on to machine)
    >-- We can successfully use impersonation to access Active Directory
    >-- Our httpwebrequest to the other internal servers works fine when run on
    >the same machine (we use impersonation)
    >-- When someone else tries to run same page on the server from a browser on
    >another machine, they get a (401) Unauthorized message
    >
    >Below is part of the code behind that is making the request; the error
    >occurs in the second-to-last line (the getresponsestream). Thanks for any
    >help!!
    >
    >-------------------------------------------------------------
    >'Requires Imports System.Net, System.IO, System.Data
    >Dim postData As String
    >'Create the request object from the URL (a string cannot be cast to HttpWebRequest)
    >Dim ReqObj As HttpWebRequest = CType(WebRequest.Create("http://oururl/default.aspx"), HttpWebRequest)
    >
    >'Impersonate the user and set request credentials
    >Dim wi As System.Security.Principal.WindowsIdentity
    >Dim wic As System.Security.Principal.WindowsImpersonationContext
    >wi = CType(User.Identity, System.Security.Principal.WindowsIdentity)
    >wic = wi.Impersonate()
    >
    >postData = "variousPostData=123"
    >'DefaultCredentials resolves to the impersonated user's token
    >ReqObj.Credentials = CredentialCache.DefaultCredentials
    >ReqObj.Method = "POST"
    >ReqObj.ContentType = "application/x-www-form-urlencoded"
    >ReqObj.ContentLength = postData.Length
    >ReqObj.Timeout = 30000
    >
    >Dim writer As StreamWriter = New StreamWriter(ReqObj.GetRequestStream())
    >writer.Write(postData)
    >writer.Close()
    >
    >Dim ds As New DataSet
    >ds.ReadXml(ReqObj.GetResponse().GetResponseStream())
    >wic.Undo()
    >-------------------------------------------------------
    >
    >The error stack is as follows:
    >The remote server returned an error: (401) Unauthorized.
    >at System.Net.HttpWebRequest.CheckFinalStatus()
    >at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
    >at System.Net.HttpWebRequest.GetResponse() etc, etc..
    Scott Allen, Sep 21, 2004
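
A diagnostic for the one-hop limitation described in the reply above, added here as an example (it is not code from either poster). It reads the impersonation level of a Windows token to show whether the server holds a delegable token; `DelegationCheck` and `DescribeHop` are hypothetical names.

```vb
Imports System
Imports System.Security.Principal

' Added example: DelegationCheck and DescribeHop are hypothetical names.
Public Module DelegationCheck

    ' Reports whether a Windows token can be used to authenticate to a
    ' second machine on the caller's behalf.
    Public Function DescribeHop(ByVal id As WindowsIdentity) As String
        Dim prefix As String = id.Name & " [" & id.AuthenticationType & "]: "
        Select Case id.ImpersonationLevel
            Case TokenImpersonationLevel.Delegation
                ' Kerberos delegation is in effect: the server may act for
                ' the user against other hosts.
                Return prefix & "delegation-level token, second hop can authenticate as the user"
            Case TokenImpersonationLevel.Impersonation
                ' Typical for an NTLM network logon: the token is valid on
                ' this server but cannot be forwarded. The same-machine case
                ' on the page works because the user's credentials are
                ' already present on the server itself.
                Return prefix & "impersonation-level token, not delegable; a remote client's second hop gets 401"
            Case TokenImpersonationLevel.Identification, TokenImpersonationLevel.Anonymous
                Return prefix & "identification/anonymous token, cannot act as the user"
            Case Else
                ' TokenImpersonationLevel.None: a primary (process) token,
                ' meaning the thread is not impersonating a caller.
                Return prefix & "primary token, outbound requests run as the process account"
        End Select
    End Function

    Public Sub Main()
        ' Stand-alone run: inspects the current process identity.
        ' In the page's code-behind, pass CType(User.Identity, WindowsIdentity)
        ' and log the result before calling GetResponse.
        Console.WriteLine(DescribeHop(WindowsIdentity.GetCurrent()))
    End Sub
End Module
```

With Integrated Windows authentication the reported authentication type can be `Negotiate` for either protocol, so the impersonation level is the more reliable signal of whether delegation is actually working.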

  2. Thanks for the help! We are now researching this solution.

    Cozfer, Sep 27, 2004