using System.Net.NetworkCredential class

[Carlton858]

I am using NUnitASP and I have run into problem "faking" user
credentials. In my ASP.Net/C# application, I have turned off
anonymous access to the web app and I allowing Windows groups to
handle the permissions to the app. Things are working perfectly, i.e.
only user groups that are allowed can log into the app and see what
they are supposed to, when the users enter their credentials through
IE.

It is when I try to enter the credentials programmatically with
NUnitASP that I cannot set the credentials. In most cases, using
System.Net.CredentialCache.DefaultCredentials would be fine and this
works as expected. However, I want to test other roles besides my own
in the app and this is where I need to use the
System.Net.NetworkCredential class.

For some reason I do not understand, I cannot pass a username,
password and domain to this class and have these values detected as
valid credentials. Has anyone used NUnitASP? If so, can you please
share some sample code showing how this works? If you have not used
NUnitASP, but are familiar with the System.Net.NetworkCredential
class, again I could use some coaching on how to use this class.
Thank you in advance for your help.

Carlton

 

[Eric Marvets]

Can you post a sample of the NetworkCredential code you are using?

--
Eric Marvets
Principal Consultant

the bang project

<shameless self promotion>

Email (e-mail address removed) for Information on Our Architecture and
Mentoring Services

</shameless self promotion>

 

[Carlton Nettleton]

Here is some sample code.

CredentialCache myCache = new CredentialCache();

myCache.Add(new Uri("http://cnettleton.mydomain.com/"), "Basic",
new NetworkCredential("mydomain\\so_user_test",
"myPassword"));

Browser.Credentials = myCache;
Browser.GetPage("http://cnettleton/blog/web/AddArticle.aspx");

 

[Carlton858]

Can you post a sample of the NetworkCredential code you are using?

CredentialCache myCache = new CredentialCache();
myCache.Add(new Uri("http://cnettleton.mydomain.com/"), "Basic",
new NetworkCredential("mydomain\\so_user_test", "myPassword"));

Browser.Credentials = myCache;
Browser.GetPage("http://cnettleton/blog/web/AddArticle.aspx");

Carlton

 

[Eric Marvets]

Pass in the domain, user, and password in seperate fields. The constructor
has an overloaded version to take the domain as a string seperate from the
user as a string.

--
Eric Marvets
Principal Consultant

the bang project

<shameless self promotion>

Email (e-mail address removed) for Information on Our Architecture and
Mentoring Services

</shameless self promotion>

 

[Carlton Nettleton]

You mean something like this:

CredentialCache myCache = new CredentialCache();
NetworkCredential myCredential = new NetworkCredential();
myCredential.Domain = "myDomain";
myCredential.UserName = "myDomain\\so_user_test";
myCredential.Password = "myPassword";

myCache.Add(new Uri("http://cnettleton.myDomain.com/"), "Basic",
myCredential);

Browser.Credentials = myCache;
Browser.GetPage(DefaultPage);

If so, that does not work. It returns an HTTP 401/"you are not
authorized to view this page" error.

 

[Eric Marvets]

No.

myCredential.Domain = "myDomain";
myCredential.UserName = "so_user_test"; //change this one too
myCredential.Password = "myPassword";


--
Eric Marvets
Principal Consultant

the bang project

<shameless self promotion>

Email (e-mail address removed) for Information on Our
Architecture and Mentoring Services

</shameless self promotion>

 

[Carlton Nettleton]

That still does not work. As I am thinking about this, perhaps I am
trying to test something that does not exist or is never set?

I am using the IPrincipal interface to detect if the user belongs to a
role. If the IsInRole() method returns false, the user is brought to a
denied access page. If true, then they are sent to the correct page.
Maybe IPrincipal is not set in the NetworkCredential class when
validating credentials programmatically?