«

I have a test http url that allows a connection from any domain user.

I am using the following code to test access to it:
XmlReaderSettings readerSettings = new XmlReaderSettings();
readerSettings.ProhibitDtd = false;
readerSettings.ValidationType = ValidationType.DTD;
XmlUrlResolver resolver = new XmlUrlResolver();
resolver.Credentials = new NetworkCredential("dave", "bogus");
readerSettings.XmlResolver = resolver;
XmlReader xmlReader = XmlReader.Create(filename, readerSettings);
while (xmlReader.Read())
// nothing - just make sure can read all
;

But the above is a bad password. Shouldn't this fail? I am testing this case
because we can use forms login and in that case the user must enter their
username/password - we don't want to allow the credentials of the ASP.NET app
to allow access.

Am I missing something?

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm

Hello Dave,

I think the problem you meet is is due to the server-side web
application/page is using Forms Authentication, the httpwebrequest based
programmatic http web requesting does not support interactive with forms
authentication. Forms Authentication always require an interactive client
user. There does exists means to programmatically request pages secured
through forms authentication, you can construct a http post message with
the username/password forms data pair and send it to the login page, after
that hold the returned cookie collection so that you can use httpwebrequest
to access other pages secured by the forms authentication later. here is a
good web article demonstrate on this:

http://odetocode.com/Articles/162.aspx

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.

I forgot to turn off all anonomous connections - works fine now.

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm




"Steven Cheng[MSFT]" wrote:

> Hello Dave,
>
> I think the problem you meet is is due to the server-side web
> application/page is using Forms Authentication, the httpwebrequest based
> programmatic http web requesting does not support interactive with forms
> authentication. Forms Authentication always require an interactive client
> user. There does exists means to programmatically request pages secured
> through forms authentication, you can construct a http post message with
> the username/password forms data pair and send it to the login page, after
> that hold the returned cookie collection so that you can use httpwebrequest
> to access other pages secured by the forms authentication later. here is a
> good web article demonstrate on this:
>
> http://odetocode.com/Articles/162.aspx
>
> Sincerely,
>
> Steven Cheng
>
> Microsoft MSDN Online Support Lead
>
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>