How to Authenticate a WebClient Request

How do I authenticate a WebClient request?

What kind of authentication are you using? If it's Forms authentication, then at best, you'll have to find the .ASPXAUTH cookie and pass it in the WebClient request.

At worst, it won't work.

WebClient accessing page with credentials

I suspect that the web page that you are trying to access uses Forms Authentication. This means that you will have to provide a valid authentication cookie if you want to be able to access protected resources. And in order to obtain a valid authentication cookie you will have to first authenticate yourself by sending a POST request to the LogOn page which emits the cookie. Once you retrieve the cookie you will be able to send it along on subsequent requests on protected resources. You should also note that out of the box WebClient doesn't support cookies. For this reason you could write a custom cookie aware web client:

using System;
using System.Net;

// WebClient that keeps cookies between requests
public class CookieAwareWebClient : WebClient
{
    public CookieAwareWebClient() { CookieContainer = new CookieContainer(); }

    public CookieContainer CookieContainer { get; private set; }

    protected override WebRequest GetWebRequest(Uri address)
    {
        // Attach the shared cookie container to every outgoing request
        var request = (HttpWebRequest)base.GetWebRequest(address);
        request.CookieContainer = CookieContainer;
        return request;
    }
}

Now you could use this client to fire off the 2 requests:

// NameValueCollection needs: using System.Collections.Specialized;
using (var client = new CookieAwareWebClient())
{
    var values = new NameValueCollection
    {
        { "username", "john" },
        { "password", "secret" },
    };
    client.UploadValues("http://domain.loc/logon.aspx", values);

    // If the previous call succeeded we now have a valid authentication cookie
    // so we could download the protected page
    string result = client.DownloadString("http://domain.loc/testpage.aspx");
}

Obviously due to the ViewState crappiness of ASP.NET you might need to send a couple of other parameters along with your logon request. Here's what you could do: authenticate in a web browser and look with FireBug at the exact parameters and headers that need to be sent.
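The extra logon parameters mentioned above are usually the hidden fields that the logon page itself emits. This added example (not part of the original answer) collects them from the page HTML so they can be posted together with the credentials. The helper name, the regular expression and the sample HTML are constructed for illustration; the `username` and `password` field names follow the answer's code.

```csharp
using System;
using System.Collections.Specialized;
using System.Net;
using System.Text.RegularExpressions;

// Hypothetical helper, not from the original answer.
static class LogonFormFields
{
    // Hidden inputs in the attribute order ASP.NET Web Forms renders them:
    // type, name, (id), value.
    static readonly Regex HiddenInput = new Regex(
        @"<input\s+type=""hidden""\s+name=""(?<name>[^""]+)""[^>]*?\svalue=""(?<value>[^""]*)""",
        RegexOptions.IgnoreCase);

    public static NameValueCollection Extract(string html)
    {
        var fields = new NameValueCollection();
        foreach (Match m in HiddenInput.Matches(html))
        {
            // Attribute values are HTML-encoded in the page; post the decoded form.
            fields[m.Groups["name"].Value] = WebUtility.HtmlDecode(m.Groups["value"].Value);
        }
        return fields;
    }

    static void Main()
    {
        // Constructed sample of what a GET of the logon page might return.
        string html =
            "<form method=\"post\" action=\"logon.aspx\">" +
            "<input type=\"hidden\" name=\"__VIEWSTATE\" id=\"__VIEWSTATE\" value=\"/wEPDwUKc2FtcGxl\" />" +
            "<input type=\"hidden\" name=\"__EVENTVALIDATION\" id=\"__EVENTVALIDATION\" value=\"/wEWAgKc2FtcGxl\" />" +
            "<input type=\"text\" name=\"username\" /><input type=\"password\" name=\"password\" /></form>";

        NameValueCollection values = Extract(html);
        values["username"] = "john";   // field names as in the answer's code
        values["password"] = "secret";

        // With CookieAwareWebClient these values would be passed to client.UploadValues(...).
        foreach (string key in values)
            Console.WriteLine("{0}={1}", key, values[key]);
    }
}
```

Fetching the logon page with the same cookie-aware client before posting keeps any session cookie and the hidden field values consistent with each other.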

.NET WebClient sends request without authentication first

You can't avoid the first anonymous request because the WebClient has to figure out which authentication scheme is used, based on the 401 response it's getting; it could be basic, digest, etc.
See that question.

With digest you can't avoid 2 requests anyway because the first 401 response contains a nonce (a value that is needed for the client authentication request), see Digest access authentication, Wikipedia.

If it was basic authentication you could have avoided the first request by setting the needed header manually with your credentials.
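Why Digest needs the challenge while Basic does not, as an added example (not part of the original answer): the Digest response is a hash over the nonce from the server's 401, whereas the Basic header is built from the credentials alone. The Digest inputs are those of the worked example in RFC 2617; the class and method names and the Basic credentials are made up for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical demo class, not from the original answer.
static class AuthHeaderDemo
{
    // Lowercase hex MD5 of a string, as RFC 2617 Digest uses it.
    static string Md5Hex(string s)
    {
        using (var md5 = MD5.Create())
        {
            var sb = new StringBuilder();
            foreach (byte b in md5.ComputeHash(Encoding.UTF8.GetBytes(s)))
                sb.Append(b.ToString("x2"));
            return sb.ToString();
        }
    }

    // qop=auth: response = MD5(HA1:nonce:nc:cnonce:auth:HA2).
    // The nonce is only known after the server's 401 challenge.
    public static string DigestResponse(string user, string realm, string password,
        string method, string uri, string nonce, string nc, string cnonce)
    {
        string ha1 = Md5Hex(user + ":" + realm + ":" + password);
        string ha2 = Md5Hex(method + ":" + uri);
        return Md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2);
    }

    // Basic depends on nothing from the server, so it can be sent on the first request.
    // Base64 is an encoding, not encryption: send it over HTTPS only.
    public static string BasicHeader(string user, string password)
    {
        return "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes(user + ":" + password));
    }

    static void Main()
    {
        // Inputs of the worked example in RFC 2617, section 3.5.
        string nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093"; // taken from the 401 challenge
        Console.WriteLine(DigestResponse("Mufasa", "testrealm@host.com", "Circle Of Life",
            "GET", "/dir/index.html", nonce, "00000001", "0a4f113b"));

        // Constructed credentials.
        Console.WriteLine(BasicHeader("user", "example-password"));
    }
}
```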

Where to put username and password of WebClient of Spring WebFlux?

HTTP Basic authentication expects the username and password encoded in Base64 format in the Authorization header. Also, you don't need to have a login endpoint since this information should be sent with every request.

Add the Basic Auth header to each call in your client like the following:

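// Needs: import java.nio.charset.StandardCharsets;
// Header value is "Basic " followed by Base64(username:password)
String basicAuthHeader = "Basic " + Base64Utils.encodeToString((username + ":" + password).getBytes(StandardCharsets.UTF_8));

// The start of the call chain is missing from the page; client and usersUri are placeholders
client.get().uri(usersUri)
    .header(HttpHeaders.AUTHORIZATION, basicAuthHeader)
    .exchange()
    .flatMapMany(response -> response.bodyToFlux(User.class))
    .subscribe(u -> System.out.println("All Users : " + u.getUsername() + ":" + u.getEmail() + ":" + u.getFullname()));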

Forwarding credentials with WebClient

I assume that you have integrated authentication enabled on the web server hosting the aspx page and that the server is IIS.

If the page is not on the reporting server then you may be experiencing the double hop issue related to authentication forwarding. The solution requires Kerberos authentication and proper configuration of a few items at the domain level.

C# WebClient NTLM authentication starting for each request

After 10 days of trying everything I could think of and learning a lot in the process, I finally figured out a fix for this issue.

The trick is to enable UnsafeAuthenticatedConnectionSharing by overriding GetWebRequest and setting the property to true in the HttpWebRequest you get back.

You may want to combine that with the ConnectionGroupName property to avoid the potential use of the connection by unauthenticated applications.

Here is the sample from the question modified to work as expected. It opens a single NTLM authenticated connection and reuses it:

using System;
using System.Net;

namespace ConsoleApplication1
{
    class Program
    {
        static void Main(string[] args)
        {
            string URL_status = "http://localhost/status";

            // Offer NTLM credentials for this URL prefix only
            CredentialCache myCache = new CredentialCache();
            myCache.Add(new Uri(URL_status), "NTLM", new NetworkCredential("username", "password", "domain"));

            MyWebClient webClient = new MyWebClient();
            webClient.Credentials = myCache;

            for (int i = 1; i <= 5; i++)
            {
                string result = webClient.DownloadString(new Uri(URL_status));
                Console.WriteLine("Try {0}: {1}", i, result);
            }
        }
    }

    public class MyWebClient : WebClient
    {
        protected override WebRequest GetWebRequest(Uri address)
        {
            WebRequest request = base.GetWebRequest(address);

            if (request is HttpWebRequest)
            {
                var myWebRequest = request as HttpWebRequest;
                // Keep the NTLM-authenticated connection open and reuse it
                myWebRequest.UnsafeAuthenticatedConnectionSharing = true;
                myWebRequest.KeepAlive = true;
            }

            return request;
        }
    }
}

At this point I would also like to thank @Falco Alexander for all the help; while his suggestions didn't quite work for me, he did point me in the right direction to look for and finally find the answer.
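The ConnectionGroupName suggestion from the answer above, as an added example (not the answer author's code): with UnsafeAuthenticatedConnectionSharing enabled, an already authenticated connection is reused without re-authenticating, so a process that sends requests for more than one account should give each account its own connection group. The class name, the hashing of the account name into the group name and the sample accounts are assumptions made for illustration.

```csharp
using System;
using System.Net;
using System.Security.Cryptography;
using System.Text;

// Hypothetical class, not from the original answer.
public class PerUserNtlmWebClient : WebClient
{
    private readonly string _group;

    public PerUserNtlmWebClient(NetworkCredential credential)
    {
        Credentials = credential;
        _group = GroupNameFor(credential);
    }

    // One group per identity; hashing keeps the account name out of the group name.
    public static string GroupNameFor(NetworkCredential c)
    {
        byte[] id = Encoding.UTF8.GetBytes((c.Domain + "\\" + c.UserName).ToUpperInvariant());
        using (var sha = SHA256.Create())
            return "ntlm-" + BitConverter.ToString(sha.ComputeHash(id), 0, 8).Replace("-", "");
    }

    protected override WebRequest GetWebRequest(Uri address)
    {
        WebRequest request = base.GetWebRequest(address);
        var http = request as HttpWebRequest;
        if (http != null)
        {
            http.KeepAlive = true;
            http.UnsafeAuthenticatedConnectionSharing = true;
            // Authenticated connections are reused only by requests in the same group.
            http.ConnectionGroupName = _group;
        }
        return request;
    }

    static void Main()
    {
        // Constructed accounts: each one maps to its own connection group.
        Console.WriteLine(GroupNameFor(new NetworkCredential("alice", "pw-a", "CORP")));
        Console.WriteLine(GroupNameFor(new NetworkCredential("bob", "pw-b", "CORP")));
    }
}
```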

How to make an authenticated web request in Powershell?

The PowerShell is almost exactly the same.

$webclient = new-object System.Net.WebClient
$webclient.Credentials = new-object System.Net.NetworkCredential($username, $password, $domain)
$webpage = $webclient.DownloadString($url)
