XmlUrlResolver not working right

Discussion in 'ASP .Net Security' started by David Thielen, Dec 22, 2006.

  1. I have a test http url that allows a connection from any domain user.

    I am using the following code to test access to it:
    XmlReaderSettings readerSettings = new XmlReaderSettings();
    readerSettings.ProhibitDtd = false;
    readerSettings.ValidationType = ValidationType.DTD;
    XmlUrlResolver resolver = new XmlUrlResolver();
    resolver.Credentials = new NetworkCredential("dave", "bogus");
    readerSettings.XmlResolver = resolver;
    XmlReader xmlReader = XmlReader.Create(filename, readerSettings);
    while (xmlReader.Read())
    // nothing - just make sure can read all
    ;

    But the above is a bad password. Shouldn't this fail? I am testing this case
    because we can use forms login and in that case the user must enter their
    username/password - we don't want to allow the credentials of the ASP.NET app
    to allow access.

    Am I missing something?

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    Cubicle Wars - http://www.windwardreports.com/film.htm
     
    David Thielen, Dec 22, 2006
    #1
    1. Advertising

  2. Hello Dave,

    I think the problem you meet is is due to the server-side web
    application/page is using Forms Authentication, the httpwebrequest based
    programmatic http web requesting does not support interactive with forms
    authentication. Forms Authentication always require an interactive client
    user. There does exists means to programmatically request pages secured
    through forms authentication, you can construct a http post message with
    the username/password forms data pair and send it to the login page, after
    that hold the returned cookie collection so that you can use httpwebrequest
    to access other pages secured by the forms authentication later. here is a
    good web article demonstrate on this:

    http://odetocode.com/Articles/162.aspx

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead


    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Steven Cheng[MSFT], Dec 25, 2006
    #2
    1. Advertising

  3. I forgot to turn off all anonomous connections - works fine now.

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    Cubicle Wars - http://www.windwardreports.com/film.htm




    "Steven Cheng[MSFT]" wrote:

    > Hello Dave,
    >
    > I think the problem you meet is is due to the server-side web
    > application/page is using Forms Authentication, the httpwebrequest based
    > programmatic http web requesting does not support interactive with forms
    > authentication. Forms Authentication always require an interactive client
    > user. There does exists means to programmatically request pages secured
    > through forms authentication, you can construct a http post message with
    > the username/password forms data pair and send it to the login page, after
    > that hold the returned cookie collection so that you can use httpwebrequest
    > to access other pages secured by the forms authentication later. here is a
    > good web article demonstrate on this:
    >
    > http://odetocode.com/Articles/162.aspx
    >
    > Sincerely,
    >
    > Steven Cheng
    >
    > Microsoft MSDN Online Support Lead
    >
    >
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    >
     
    David Thielen, Dec 30, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Tom
    Replies:
    0
    Views:
    435
  2. Gideon de Swardt

    XmlUrlResolver xsl:include

    Gideon de Swardt, Feb 27, 2004, in forum: ASP .Net
    Replies:
    6
    Views:
    4,160
    Gideon de Swardt
    Mar 1, 2004
  3. =?Utf-8?B?QmlzaG95?=
    Replies:
    0
    Views:
    1,005
    =?Utf-8?B?QmlzaG95?=
    Dec 28, 2006
  4. Bogdan
    Replies:
    1
    Views:
    824
    Bogdan
    Jun 16, 2009
  5. Colin Bowern
    Replies:
    0
    Views:
    312
    Colin Bowern
    Jan 2, 2004
Loading...

Share This Page