using login credentials for HTTPwebrequest basic/digest authentica

Ty

Hi,
I would like to use the logged-in user's credentials for HTTPwebrequest basic
(or digest) authentication. Unfortunately I have been unable to find any
information about how to do this. Any help is greatly appreciated.

I have a desktop application that uses a server for processing. They
communicate using HTTP. I would like to have a 'single sign-on' experience
for the user: they log in to the domain and "invisibly" get access to my
server, without having to authenticate again.

My server software is written in Java. I am assuming that the Java code
will be able to use the credentials contained in the HTTP message to
authenticate the user via LDAP to active directory. Any confirmation that
this is actually possible is also greatly appreciated.

Thanks.
Ty
 
Andreas Johansson

It is not clear what .NET class you are using to communicate with the
server.

If you use the WebClient class you can set the Credentials property to
contain a username and password.

It is then up to the server side to fetch the credentials out of the HTTP
request sent.
 
Ty

Thanks for the response. This is what I think the C# code should look like.

Uri uri = new Uri(strUri);
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(uri);
req.Credentials = CredentialsCache.DefaultCredentials;
HttpWebResponse res = (HttpWebResponse)req.GetResponse();

OR

Uri uri = new Uri(strUri);
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(uri);
req.UseDefaultCredentials = true;
HttpWebResponse res = (HttpWebResponse)req.GetResponse();


My understanding is that this will put the currently logged-in user's
credentials into the HTTP headers of req. I'm not sure how to force NTLM
though.

I was hoping to use Digest rather than NTLM or Kerberos but it doesn't look
like it is supported.
 
Andreas Johansson

I think you may need to create your own CredentialCache, check the section
in MSDN.
http://msdn.microsoft.com/en-us/library/system.net.credentialcache(VS.71).aspx

The C# code sample from there.

CredentialCache myCache = new CredentialCache();
myCache.Add(new Uri("http://www.contoso.com/"), "Basic",
    new NetworkCredential(UserName, SecurelyStoredPassword));
myCache.Add(new Uri("http://www.contoso.com/"), "Digest",
    new NetworkCredential(UserName, SecurelyStoredPassword, Domain));
wReq.Credentials = myCache;
 
Ty

Thanks for the advice Andreas.

The only problem I have with creating my own credential cache is that I
can't work out how to get the logged-in user's password into it. I can get
the username and domain easily enough but I haven't found a way to get the
password out of Windows. Note: I don't want the user to have to re-enter
their password.

I assume it isn't supported. It would probably be a pretty big security
problem if I could get the password so easily.

My reading of the MSDN documentation leads me to believe that if I use the
default credential and let it do NTLM or Kerberos then the Integrated Windows
Authentication should kick in and 'like magic' the logged-in user's
credentials will be put in the headers of the HTTP request for processing by
the server.

Has anyone actually done this? Can anyone tell me if it actually works?

I don't have a domain environment to test on at the moment so I am going off
the documentation only.

Thanks,
Ty
 
Andreas Johansson

I thought that when you mentioned you wanted to use Digest that you would
know the username and password. It is true that you will not be able to get
the logged-on user's password for the reasons you mention.

You can test NTLM authentication locally. In your local IIS go to the
security settings and uncheck anonymous access and check integrated windows
authentication.

I have been using integrated Windows authentication a lot. My experience is
that it works very well. The only thing that has been an issue is setting up
delegation between the web server and SQL Server when they are located on
different servers and you want to log in with the same credentials on the SQL
Server. Your domain needs to be set up with Kerberos in that case, if I recall
correctly.

/Andreas
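
The approach discussed in this thread, as an added example that is not part of the original posts: a CredentialCache holding CredentialCache.DefaultNetworkCredentials offers the logged-on user's identity only to one URI prefix and one scheme (here NTLM), and the catch block prints which schemes the server offered if authentication fails. The local IIS test server and the path "myapp/status" are assumptions.

```csharp
using System;
using System.Net;

static class IntegratedAuthExample
{
    // Build a request that offers the logged-on user's credentials only to
    // one URI prefix and only for one authentication scheme.
    static HttpWebRequest CreateRequest(Uri serverPrefix, Uri target, string scheme)
    {
        CredentialCache cache = new CredentialCache();
        // DefaultNetworkCredentials stands for the current Windows logon
        // session; the password itself is never available to this code.
        cache.Add(serverPrefix, scheme, CredentialCache.DefaultNetworkCredentials);

        HttpWebRequest req = (HttpWebRequest)WebRequest.Create(target);
        req.Credentials = cache;
        req.PreAuthenticate = false;   // wait for the server's 401 challenge
        return req;
    }

    static void Main()
    {
        // Assumed test server: local IIS with anonymous access disabled.
        Uri prefix = new Uri("http://localhost/");
        Uri target = new Uri(prefix, "myapp/status");   // hypothetical path

        HttpWebRequest req = CreateRequest(prefix, target, "NTLM");
        try
        {
            using (HttpWebResponse res = (HttpWebResponse)req.GetResponse())
            {
                Console.WriteLine("Authenticated: {0}", res.StatusCode);
            }
        }
        catch (WebException ex)
        {
            HttpWebResponse res = ex.Response as HttpWebResponse;
            if (res == null) throw;    // no HTTP response (DNS, connect, ...)
            // On a 401, list the schemes the server actually offered.
            Console.WriteLine("Failed: {0}", res.StatusCode);
            string[] offered = res.Headers.GetValues("WWW-Authenticate");
            if (offered != null)
                foreach (string s in offered)
                    Console.WriteLine("  server offers: {0}", s);
            res.Close();
        }
    }
}
```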
 