| Groups | Blog | Home |
asp.net security : HttpWebRequest and 401
Hello All
Here is what I am attempting to do: I have a NTLM protected site. There are some users who are not part of the domain (visitors) get challenged with a Pop up dialog box prompting for a user id, pwd and domain. In oder to overcome this, I have setup a anonymous site (open to alll). Users would first hit this site contains a page with an instance of HttpWebRequest class. This class would make a call to the protected site with the user's credentials on behalf of the user. If the user has the correct credentials, then they would be passed to the protected site else they would be redirected to a login page (NOT the pop up dialog). In theory this appears to be a good idea to get rid of the po up dialog. However, I am unable to get the suers credentials on the anonymous site and pass it to the HttpWebRequest. If I use DefaultCredentials, then the site's user id and password are passed (IUSR_MACHINENAME). Is it possible to obtain the user credential on the anonymous site or is there another way to acoomplish this
[quoted text, click to view]
CharlieNilsson_CUTOUT_@hotmail.com (Charlie Nilsson [MSFT]) wrote in message news:<ngZS9Bp5DHA.1992@cpmsftngxa07.phx.gbl>... > I think you're confusing authentication types. > > Read this msdn article, "IIS Authentication" on the subject or search > online on msdn. > ms-help://MS.VSCC.2003/MS.MSDNQTR.2003FEB.1033/vsent7/html/vxconIISAuthentic > ation.htm > > At some point, you will need to gather authentication information from the > user (i.e. they will have to enter a username / pwd). Why use two servers > when one will suffice? > > > -------------------------------------------------------------------- > This reply is provided AS IS, without warranty (express or implied). > > > -------------------- > >From: linuxlivz@yahoo.com (LinuxLivz) > >Newsgroups: microsoft.public.dotnet.framework.aspnet.security > >Subject: HttpWebRequest and 401 > >Date: 29 Jan 2004 06:35:21 -0800 > >Organization: http://groups.google.com > >Lines: 23 > >Message-ID: <a5921448.0401290635.240f1498@posting.google.com> > >NNTP-Posting-Host: 63.100.172.7 > >Content-Type: text/plain; charset=ISO-8859-1 > >Content-Transfer-Encoding: 8bit > >X-Trace: posting.google.com 1075386921 4534 127.0.0.1 (29 Jan 2004 > 14:35:21 GMT) > >X-Complaints-To: groups-abuse@google.com > >NNTP-Posting-Date: Thu, 29 Jan 2004 14:35:21 +0000 (UTC) > >Path: > cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.su > l.t-online.de!t-online.de!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!po > stnews1.google.com!not-for-mail > >Xref: cpmsftngxa07.phx.gbl > microsoft.public.dotnet.framework.aspnet.security:8423 > >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security > > > >Hello All > >Here is what I am attempting to do: > > > >I have a NTLM protected site. There are some users who are not part of > >the domain (visitors) get challenged with a Pop up dialog box > >prompting for a user id, pwd and domain. > > > >In oder to overcome this, I have setup a anonymous site (open to > >alll). Users would first hit this site contains a page with an > >instance of HttpWebRequest class. This class would make a call to the > >protected site with the user's credentials on behalf of the user. If > >the user has the correct credentials, then they would be passed to the > >protected site else they would be redirected to a login page (NOT the > >pop up dialog). In theory this appears to be a good idea to get rid of > >the po up dialog. > > > >However, I am unable to get the suers credentials on the anonymous > >site and pass it to the HttpWebRequest. If I use DefaultCredentials, > >then the site's user id and password are passed (IUSR_MACHINENAME). Is > >it possible to obtain the user credential on the anonymous site or is > >there another way to acoomplish this > > > >Thanks > > Thanks for your response. I understand auth types, NTLM works well for windows domain acounts, what about other OSes? The thinking is to perform auth without the annoyin pop-up dialog. I think, to condense the question, it would be can one make the auth pop up dialog go away if user is not in a Windows domain
I think you're confusing authentication types.
Read this msdn article, "IIS Authentication" on the subject or search online on msdn. ms-help://MS.VSCC.2003/MS.MSDNQTR.2003FEB.1033/vsent7/html/vxconIISAuthentic ation.htm At some point, you will need to gather authentication information from the user (i.e. they will have to enter a username / pwd). Why use two servers when one will suffice? -------------------------------------------------------------------- This reply is provided AS IS, without warranty (express or implied). -------------------- [quoted text, click to view] >From: linuxlivz@yahoo.com (LinuxLivz) cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.su>Newsgroups: microsoft.public.dotnet.framework.aspnet.security >Subject: HttpWebRequest and 401 >Date: 29 Jan 2004 06:35:21 -0800 >Organization: http://groups.google.com >Lines: 23 >Message-ID: <a5921448.0401290635.240f1498@posting.google.com> >NNTP-Posting-Host: 63.100.172.7 >Content-Type: text/plain; charset=ISO-8859-1 >Content-Transfer-Encoding: 8bit >X-Trace: posting.google.com 1075386921 4534 127.0.0.1 (29 Jan 2004 14:35:21 GMT) >X-Complaints-To: groups-abuse@google.com >NNTP-Posting-Date: Thu, 29 Jan 2004 14:35:21 +0000 (UTC) >Path: l.t-online.de!t-online.de!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!po stnews1.google.com!not-for-mail [quoted text, click to view] >Xref: cpmsftngxa07.phx.gbl
microsoft.public.dotnet.framework.aspnet.security:8423 >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security > >Hello All >Here is what I am attempting to do: > >I have a NTLM protected site. There are some users who are not part of >the domain (visitors) get challenged with a Pop up dialog box >prompting for a user id, pwd and domain. > >In oder to overcome this, I have setup a anonymous site (open to >alll). Users would first hit this site contains a page with an >instance of HttpWebRequest class. This class would make a call to the >protected site with the user's credentials on behalf of the user. If >the user has the correct credentials, then they would be passed to the >protected site else they would be redirected to a login page (NOT the >pop up dialog). In theory this appears to be a good idea to get rid of >the po up dialog. > >However, I am unable to get the suers credentials on the anonymous >site and pass it to the HttpWebRequest. If I use DefaultCredentials, >then the site's user id and password are passed (IUSR_MACHINENAME). Is >it possible to obtain the user credential on the anonymous site or is >there another way to acoomplish this > >Thanks >
You should be able to use Basic authentication (with SSL for safety of
course). Basic authentication headers are easy to build on just about any platform. Plus, you can send them with the original request (pre-authenticate) to avoid the challenge/response. However, if NTLM/Kerberos is required for the Web Service, then Charlie is absolutely right. Joe K. "Charlie Nilsson [MSFT]" <CharlieNilsson_CUTOUT_@hotmail.com> wrote in message news:jg3aZl05DHA.1988@cpmsftngxa07.phx.gbl... [quoted text, click to view] > > Right, Linux machines do not support NTLM natively (though Mozilla *was* > trying to get it to function properly, though I don't think they're working > on that anymore). I'm unaware of any method for getting your Linux > clients to send authentication info along with the HTTP request to IIS (or > respond with the user's correct Windows Domain credentials during challenge > / response). > I'm afraid you'll have to re-think your security settings in IIS. > > > -- > CharlieN > VSU > > This posting is provided "AS IS" with no warranties, and confers no rights. > > Note: For the benefit of the community-at-large, all responses to this > message are best directed to the newsgroup/thread from which they > originated. > > -------------------- > > From: linuxlivz@yahoo.com (LinuxLivz) > > Newsgroups: microsoft.public.dotnet.framework.aspnet.security > > Subject: Re: HttpWebRequest and 401 > > Date: 29 Jan 2004 14:39:35 -0800 > > Organization: http://groups.google.com > > Lines: 73 > > Message-ID: <a5921448.0401291439.4f906760@posting.google.com> > > References: <a5921448.0401290635.240f1498@posting.google.com> > <ngZS9Bp5DHA.1992@cpmsftngxa07.phx.gbl> > > NNTP-Posting-Host: 63.100.172.7 > > Content-Type: text/plain; charset=ISO-8859-1 > > Content-Transfer-Encoding: 8bit > > X-Trace: posting.google.com 1075415976 7022 127.0.0.1 (29 Jan 2004 > 22:39:36 GMT) > > X-Complaints-To: groups-abuse@google.com > > NNTP-Posting-Date: Thu, 29 Jan 2004 22:39:36 +0000 (UTC) > > Path: > cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!cpmsftngxa08.phx.gbl!cpmsftngxa06. > phx.gbl!cpmsftngxa09.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de > !t-online.de!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!postnews1.googl > e.com!not-for-mail > > Xref: cpmsftngxa07.phx.gbl > microsoft.public.dotnet.framework.aspnet.security:8438 > > X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security > > > > CharlieNilsson_CUTOUT_@hotmail.com (Charlie Nilsson [MSFT]) wrote in > message news:<ngZS9Bp5DHA.1992@cpmsftngxa07.phx.gbl>... > > > I think you're confusing authentication types. > > > > > > Read this msdn article, "IIS Authentication" on the subject or search > > > online on msdn. > > > > ms-help://MS.VSCC.2003/MS.MSDNQTR.2003FEB.1033/vsent7/html/vxconIISAuthentic > > > ation.htm > > > > > > At some point, you will need to gather authentication information from > the > > > user (i.e. they will have to enter a username / pwd). Why use two > servers > > > when one will suffice? > > > > > > > > > -------------------------------------------------------------------- > > > This reply is provided AS IS, without warranty (express or implied). > > > > > > > > > -------------------- > > > >From: linuxlivz@yahoo.com (LinuxLivz) > > > >Newsgroups: microsoft.public.dotnet.framework.aspnet.security > > > >Subject: HttpWebRequest and 401 > > > >Date: 29 Jan 2004 06:35:21 -0800 > > > >Organization: http://groups.google.com > > > >Lines: 23 > > > >Message-ID: <a5921448.0401290635.240f1498@posting.google.com> > > > >NNTP-Posting-Host: 63.100.172.7 > > > >Content-Type: text/plain; charset=ISO-8859-1 > > > >Content-Transfer-Encoding: 8bit > > > >X-Trace: posting.google.com 1075386921 4534 127.0.0.1 (29 Jan 2004 > > > 14:35:21 GMT) > > > >X-Complaints-To: groups-abuse@google.com > > > >NNTP-Posting-Date: Thu, 29 Jan 2004 14:35:21 +0000 (UTC) > > > >Path: > > > > cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.su > > > > l.t-online.de!t-online.de!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!po > > > stnews1.google.com!not-for-mail > > > >Xref: cpmsftngxa07.phx.gbl > > > microsoft.public.dotnet.framework.aspnet.security:8423 > > > >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security > > > > > > > >Hello All > > > >Here is what I am attempting to do: > > > > > > > >I have a NTLM protected site. There are some users who are not part of > > > >the domain (visitors) get challenged with a Pop up dialog box > > > >prompting for a user id, pwd and domain. > > > > > > > >In oder to overcome this, I have setup a anonymous site (open to > > > >alll). Users would first hit this site contains a page with an > > > >instance of HttpWebRequest class. This class would make a call to the > > > >protected site with the user's credentials on behalf of the user. If > > > >the user has the correct credentials, then they would be passed to the > > > >protected site else they would be redirected to a login page (NOT the > > > >pop up dialog). In theory this appears to be a good idea to get rid of > > > >the po up dialog. > > > > > > > >However, I am unable to get the suers credentials on the anonymous > > > >site and pass it to the HttpWebRequest. If I use DefaultCredentials, > > > >then the site's user id and password are passed (IUSR_MACHINENAME). Is > > > >it possible to obtain the user credential on the anonymous site or is > > > >there another way to acoomplish this > > > > > > > >Thanks > > > > > > > > > > Thanks for your response. I understand auth types, NTLM works well for > > windows domain acounts, what about other OSes? The thinking is to > > perform auth without the annoyin pop-up dialog. I think, to condense > > the question, it would be can one make the auth pop up dialog go away > > if user is not in a Windows domain > > > > Thaks > > >
Right, Linux machines do not support NTLM natively (though Mozilla *was* trying to get it to function properly, though I don't think they're working on that anymore). I'm unaware of any method for getting your Linux clients to send authentication info along with the HTTP request to IIS (or respond with the user's correct Windows Domain credentials during challenge / response). I'm afraid you'll have to re-think your security settings in IIS. -- CharlieN VSU This posting is provided "AS IS" with no warranties, and confers no rights. Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated. -------------------- [quoted text, click to view] > From: linuxlivz@yahoo.com (LinuxLivz) cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!cpmsftngxa08.phx.gbl!cpmsftngxa06.> Newsgroups: microsoft.public.dotnet.framework.aspnet.security > Subject: Re: HttpWebRequest and 401 > Date: 29 Jan 2004 14:39:35 -0800 > Organization: http://groups.google.com > Lines: 73 > Message-ID: <a5921448.0401291439.4f906760@posting.google.com> > References: <a5921448.0401290635.240f1498@posting.google.com> <ngZS9Bp5DHA.1992@cpmsftngxa07.phx.gbl> > NNTP-Posting-Host: 63.100.172.7 > Content-Type: text/plain; charset=ISO-8859-1 > Content-Transfer-Encoding: 8bit > X-Trace: posting.google.com 1075415976 7022 127.0.0.1 (29 Jan 2004 22:39:36 GMT) > X-Complaints-To: groups-abuse@google.com > NNTP-Posting-Date: Thu, 29 Jan 2004 22:39:36 +0000 (UTC) > Path: phx.gbl!cpmsftngxa09.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de !t-online.de!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!postnews1.googl e.com!not-for-mail [quoted text, click to view] > Xref: cpmsftngxa07.phx.gbl
microsoft.public.dotnet.framework.aspnet.security:8438 > X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security > > CharlieNilsson_CUTOUT_@hotmail.com (Charlie Nilsson [MSFT]) wrote in message news:<ngZS9Bp5DHA.1992@cpmsftngxa07.phx.gbl>... > > I think you're confusing authentication types. > > > > Read this msdn article, "IIS Authentication" on the subject or search > > online on msdn. > > ms-help://MS.VSCC.2003/MS.MSDNQTR.2003FEB.1033/vsent7/html/vxconIISAuthentic > > ation.htm > > > > At some point, you will need to gather authentication information from the > > user (i.e. they will have to enter a username / pwd). Why use two servers > > when one will suffice? > > > > > > -------------------------------------------------------------------- > > This reply is provided AS IS, without warranty (express or implied). > > > > > > -------------------- > > >From: linuxlivz@yahoo.com (LinuxLivz) > > >Newsgroups: microsoft.public.dotnet.framework.aspnet.security > > >Subject: HttpWebRequest and 401 > > >Date: 29 Jan 2004 06:35:21 -0800 > > >Organization: http://groups.google.com > > >Lines: 23 > > >Message-ID: <a5921448.0401290635.240f1498@posting.google.com> > > >NNTP-Posting-Host: 63.100.172.7 > > >Content-Type: text/plain; charset=ISO-8859-1 > > >Content-Transfer-Encoding: 8bit > > >X-Trace: posting.google.com 1075386921 4534 127.0.0.1 (29 Jan 2004 > > 14:35:21 GMT) > > >X-Complaints-To: groups-abuse@google.com > > >NNTP-Posting-Date: Thu, 29 Jan 2004 14:35:21 +0000 (UTC) > > >Path: > > cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.su > > l.t-online.de!t-online.de!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!po > > stnews1.google.com!not-for-mail > > >Xref: cpmsftngxa07.phx.gbl > > microsoft.public.dotnet.framework.aspnet.security:8423 > > >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security > > > > > >Hello All > > >Here is what I am attempting to do: > > > > > >I have a NTLM protected site. There are some users who are not part of > > >the domain (visitors) get challenged with a Pop up dialog box > > >prompting for a user id, pwd and domain. > > > > > >In oder to overcome this, I have setup a anonymous site (open to > > >alll). Users would first hit this site contains a page with an > > >instance of HttpWebRequest class. This class would make a call to the > > >protected site with the user's credentials on behalf of the user. If > > >the user has the correct credentials, then they would be passed to the > > >protected site else they would be redirected to a login page (NOT the > > >pop up dialog). In theory this appears to be a good idea to get rid of > > >the po up dialog. > > > > > >However, I am unable to get the suers credentials on the anonymous > > >site and pass it to the HttpWebRequest. If I use DefaultCredentials, > > >then the site's user id and password are passed (IUSR_MACHINENAME). Is > > >it possible to obtain the user credential on the anonymous site or is > > >there another way to acoomplish this > > > > > >Thanks > > > > > > Thanks for your response. I understand auth types, NTLM works well for > windows domain acounts, what about other OSes? The thinking is to > perform auth without the annoyin pop-up dialog. I think, to condense > the question, it would be can one make the auth pop up dialog go away > if user is not in a Windows domain > > Thaks >
Don't see what you're looking for? Try a search.
|
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |