Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Re: httpwebrequest credentials

Reply
Thread Tools

Re: httpwebrequest credentials

 
 
Scott Allen
Guest
Posts: n/a
 
      09-21-2004
Hi Cozfer:

This sounds like a one-hop limitation in NTLM authentication. The
credentials can make on hope from client's machine to web server, the
web server cannot then use those credentials to access another
resource on the network from the server.

The way around it is to enable kerberos delegation:. This allows the
server to access network resources on behalf of the client. There is a
KB article on how to get this setup:
http://support.microsoft.com/default...b;en-us;810572

--
Scott
http://www.OdeToCode.com

On Tue, 21 Sep 2004 09:11:04 -0700, Cozfer
<(E-Mail Removed)> wrote:

>I am having a problem communicating with a remote server (on intranet) using
>the httpwebrequest object. We have used the object to communicate with other
>machines previously, but this time we must actually pass along the windows
>authentication credentials.
>
>Our Setup/Problem:
>-- All internal servers
>-- Cannot use anonymous/basic authentication...all use Integrated NT auth
>-- Must use default credentials (cannot specify username/password for
>credentialcache, as we must use the person who is logged on to machine)
>-- We can successfully use impersonation to access Active Directory
>-- Our httpwebrequest to the other internal servers works fine when run on
>the same machine(we use impersonation)
>-- When someone else tries to run same page on the server from a browser on
>another machine, they get a (401) Unauthorized message
>
>Below is part of the code behind that is making the request, the error
>occurs in the second-to-last line (the getresponsestream) Thanks for any
>help!!
>
>-------------------------------------------------------------
>Dim postData As String
>Dim ReqObj As HttpWebRequest = CType("http://oururl/default.aspx",
>HttpWebRequest)
>
>'Impersonate the user and set request credentials
>Dim wi As System.Security.Principal.WindowsIdentity
>Dim wic As System.Security.Principal.WindowsImpersonationCont ext
>wi = User.Identity
>wic = wi.Impersonate()
>
>postData = "variousPostData=123"
>ReqObj.Credentials = CredentialCache.DefaultCredentials
>ReqObj.Method = "POST"
>ReqObj.ContentType = "application/x-www-form-urlencoded"
>ReqObj.ContentLength = postData.Length
>ReqObj.Timeout = "30000"
>
>Dim writer As StreamWriter = New StreamWriter(ReqObj .GetRequestStream)
>writer.Write(postData.ToString)
>writer.Close()
>
>Dim ds As New DataSet
>ds.ReadXml(ReqObj.GetResponse.GetResponseStream )
>wic.Undo()
>-------------------------------------------------------
>
>The error stack is as follows:
>The remote server returned an error: (401) Unauthorized.
>at System.Net.HttpWebRequest.CheckFinalStatus()
>at System.Net.HttpWebRequest.EndGetResponse(IAsyncRes ult asyncResult)
>at System.Net.HttpWebRequest.GetResponse() etc, etc..


 
Reply With Quote
 
 
 
 
=?Utf-8?B?Q296ZmVy?=
Guest
Posts: n/a
 
      09-27-2004
Thanks for the help! We are now researching this solution.

"Scott Allen" wrote:

> Hi Cozfer:
>
> This sounds like a one-hop limitation in NTLM authentication. The
> credentials can make on hope from client's machine to web server, the
> web server cannot then use those credentials to access another
> resource on the network from the server.
>
> The way around it is to enable kerberos delegation:. This allows the
> server to access network resources on behalf of the client. There is a
> KB article on how to get this setup:
> http://support.microsoft.com/default...b;en-us;810572
>
> --
> Scott
> http://www.OdeToCode.com
>
> On Tue, 21 Sep 2004 09:11:04 -0700, Cozfer
> <(E-Mail Removed)> wrote:
>
> >I am having a problem communicating with a remote server (on intranet) using
> >the httpwebrequest object. We have used the object to communicate with other
> >machines previously, but this time we must actually pass along the windows
> >authentication credentials.
> >
> >Our Setup/Problem:
> >-- All internal servers
> >-- Cannot use anonymous/basic authentication...all use Integrated NT auth
> >-- Must use default credentials (cannot specify username/password for
> >credentialcache, as we must use the person who is logged on to machine)
> >-- We can successfully use impersonation to access Active Directory
> >-- Our httpwebrequest to the other internal servers works fine when run on
> >the same machine(we use impersonation)
> >-- When someone else tries to run same page on the server from a browser on
> >another machine, they get a (401) Unauthorized message
> >
> >Below is part of the code behind that is making the request, the error
> >occurs in the second-to-last line (the getresponsestream) Thanks for any
> >help!!
> >
> >-------------------------------------------------------------
> >Dim postData As String
> >Dim ReqObj As HttpWebRequest = CType("http://oururl/default.aspx",
> >HttpWebRequest)
> >
> >'Impersonate the user and set request credentials
> >Dim wi As System.Security.Principal.WindowsIdentity
> >Dim wic As System.Security.Principal.WindowsImpersonationCont ext
> >wi = User.Identity
> >wic = wi.Impersonate()
> >
> >postData = "variousPostData=123"
> >ReqObj.Credentials = CredentialCache.DefaultCredentials
> >ReqObj.Method = "POST"
> >ReqObj.ContentType = "application/x-www-form-urlencoded"
> >ReqObj.ContentLength = postData.Length
> >ReqObj.Timeout = "30000"
> >
> >Dim writer As StreamWriter = New StreamWriter(ReqObj .GetRequestStream)
> >writer.Write(postData.ToString)
> >writer.Close()
> >
> >Dim ds As New DataSet
> >ds.ReadXml(ReqObj.GetResponse.GetResponseStream )
> >wic.Undo()
> >-------------------------------------------------------
> >
> >The error stack is as follows:
> >The remote server returned an error: (401) Unauthorized.
> >at System.Net.HttpWebRequest.CheckFinalStatus()
> >at System.Net.HttpWebRequest.EndGetResponse(IAsyncRes ult asyncResult)
> >at System.Net.HttpWebRequest.GetResponse() etc, etc..

>
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
HTTPWebRequest, Proxy, Credentials? moo ASP .Net 1 07-25-2007 03:48 PM
"The credentials supplied conflict with an existing set of credentials" -=rjh=- NZ Computing 2 07-15-2006 11:09 PM
posting login credentials and __VIEWSTATE using HttpWebRequest fails msnews.microsoft.com ASP .Net 0 05-10-2006 11:32 AM
httpwebrequest credentials =?Utf-8?B?Q296ZmVy?= ASP .Net 0 09-21-2004 04:11 PM
Setting HttpWebRequest Credentials to be current user Jamie ASP .Net 4 03-01-2004 09:51 PM



Advertisments