Making a Web Request to a Web Page Which Requires Windows Authentication

  • Home
  • Languages
  • Csharp
  • Making a Web Request to a Web Page Which Requires Windows Authentication

Making a web request to a web page which requires windows authentication

I am trying to access a link A passing the windows credentials. Link A then redirects me to link B automatically but does not pass the windows credentials which I had supplied. Hence the error. I did request.AutoRedirect = false, and looped through every time I get location in the header i.e. I do my redirects manually each time passing the windows credentials.

This worked for me :)

C# WebRequest to a URL that is configured for Windows Authentication

The problem was it wasn't trying to connect with TLS 1.2. Once it clicked in my head, the error message was saying the connection closed and not actually returning a 401. I user ServiceManager to set it to TLS1.2 and then it started working.

Glen Scales help point me in the right direction though to troubleshoot it further.

Can I make HttpWebRequest include windows credentials without waiting for a 401 challenge?

Ntlm is a challenge/response based authentication protocol. You need to make the first request so that the server can issue the challenge then in the subsequent request the client sends the response to the challenge. The server then verifies this response with the domain controller by giving it the challenge and the response that the client sent.
Without knowing the challenge you can't send the response which is why 2 requests are needed.

Basic authentication is password based so you can short circuit this by sending the credentials with the first request but in my experience this can be a problem for some servers to handle.

More details available here:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa378749(v=vs.85).aspx

How do I pass the windows authentication token on a web request to an api?

To send Windows credentials, you need to set the UseDefaultCredentials property of the HttpClientHandler used by HttpClient. There is an example of how to do this with IHttpClientFactory in the documentation.

In your case, it should look something like this:

services.AddHttpClient("CommonApi",
                client =>
                {
                    client.BaseAddress = new Uri(commonApiSettings.BaseAddress);
                    client.DefaultRequestHeaders.Add("Accept", "application/json");
                    client.DefaultRequestHeaders.Add("User-Agent", "AspNetCore-Demo");
                })
            .ConfigurePrimaryHttpMessageHandler(() =>
                new HttpClientHandler
                {
                    UseDefaultCredentials = true
                });

How to pass Windows Authentication credential from client to Web API service

If you use impersonation on your web site and the API is running on the same server it should work.

http://msdn.microsoft.com/en-us/library/aa292118(v=vs.71).aspx

However, if you would move the API to a different server from the site this will stop working. A two-server setup requires Kerberos delegation.

proper implementation of windows authentication in web api?

If you are using IIS Express, you need to update applicationhost.config file.

This is the file version of the IIS configuration tool where you can configure the web server itself. you can find this file in the following directory:

%userprofile%\documents\iisexpress\config\applicationhost.config

or

%userprofile%\my documents\iisexpress\config\applicationhost.config

When you find it, update it as:

<windowsAuthentication enabled="true">
    <providers>
        <add value="Negotiate" />
        <add value="NTLM" />
    </providers>
</windowsAuthentication>

For IIS:

  1. Select your Application
  2. Double Click - 'Authentication'
  3. Enable Windows Authentication
  4. Restart IIS Server

Check this for more details

Windows authentication only for a webpage within solution

So no responses from any one here. anyway i found a workaround. i guess it might be helpful for others.

I created a loginpage which accepts only windows credentials. i removed web.config entry to accept only windows authentications.

for the aspx pages what ever the operations am doing. am checking a authentication of the user.

for the remaining pages/handlers am avoiding this cross check so that my service or download request handlers will work without any problem.


Related Topics

C# Compare Two Generic Values

Date Difference in Years Using C#

Serilog Mssql Sink Doesn't Write Logs to Database

Closing a File After File.Create

Travel Through Pixels in Bmp

Get Return Value from Process

How to Connect to Any of the Specified MySQL Hosts. C# MySQL

Simulating Keyboard with Sendinput API in Directinput Applications

Linq Query Group by and Selecting First Items

Simple Automapper Example

Smtp and Oauth 2

Get Affected Rows on Executenonquery

C# 8 Switch Expression with Multiple Cases with Same Result

How to Create a Dictionary of Generic Types

Read from a File Starting at the End, Similar to Tail

How to Change the Color of Winform Datagridview Header

How to Implement Full Row Selecting in Gridview Without Select Button

Reading from Excel (Range into Multidimensional Array) C#


Leave a reply



Submit