|
dev
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
How to negotiate authenication with HttpWebRequestBasically it attempts to connect without authentication and if that fails, it is to attempt supplied and/or default credentials. It does not work. If I capture the traffic on the network, the code below only results in 1 GET Request being sent to the server even though it does go through the loop and the call to wc_request.GetResponse() is done 3 times as expected. See line with <------ If I remove the null and use CredentialCache.DefaultCredentials it works on the first pass through the loop, but I don't really want to do that. What are the correct steps to get the HttpWebRequest to actually send the 2nd and 3rd GET Request packets? (PS. Are the error_response.Close() actually doing anything useful?) private void TryConnect () { HttpWebResponse error_response; bool authorized = false; while (! authorized) { try { if (Authorization == ConnectAuthorization_Type.CA_Provided) if (Credentials != null) wc_request.Credentials = Credentials; else { Authorization = ConnectAuthorization_Type.CA_Default; wc_request.Credentials = CredentialCache.DefaultCredentials; } else if (Authorization == ConnectAuthorization_Type.CA_Default) wc_request.Credentials = CredentialCache.DefaultCredentials; else wc_request.Credentials = null; //CredentialCache.DefaultCredentials; <--------- wc_response = (HttpWebResponse)(wc_request.GetResponse()); authorized = true; } catch (WebException ex) { if (ex.Status == WebExceptionStatus.ProtocolError) { error_response = (HttpWebResponse)ex.Response; if (error_response.StatusCode == HttpStatusCode.Unauthorized) { if (Authorization == ConnectAuthorization_Type.CA_Default) { error_response.Close(); throw ex; } if (Authorization == ConnectAuthorization_Type.CA_None) { error_response.Close(); Authorization = ConnectAuthorization_Type.CA_Provided; } else if (Authorization == ConnectAuthorization_Type.CA_Provided) { error_response.Close(); Authorization = ConnectAuthorization_Type.CA_Default; } continue; } } throw ex; } } } /* method WebConnect TryConnect */ ------------------------------------------- Roy Chastain KMSystems, Inc. Hi Roy,
We have reviewed this issue and are currently researching on it. We will update you ASAP. Thanks for your patience! Kevin Yu ======= "This posting is provided "AS IS" with no warranties, and confers no rights." Hi Roy,
As for the HttpWebRequest, it will automatically do the 1,2,3 requests internally if we supply the Credentials to the Credentials property. In fact, we can use some trace tools(such as the Soaptoolkit's trace utility) to montior the underlying connection. By default, since the "PreAuthenticate" is set to false, when we provide a valid credential, the httpwebrequest will send the 3 Get Requests, anonymous, authentiate with credentials, and actual request(with data returned). If the "PreAuthenticate" is set to false , only 2nd and 3rd will occur. So if you need to prevent the Httpwebrequet from auto send ing authenticate credentials (the 2nd get request), you should keep the Credentials property as null. Thanks & Regards, Steven Cheng Microsoft Online Support Get Secure! www.microsoft.com/security (This posting is provided "AS IS", with no warranties, and confers no rights.) Well, this does still not quite solve the problem. I really would like to just attempt the default credentials and then try some
other credentials if the default credentials fail. I believe the bottom line question is how do I 'reset', the HttpWebRequest object so that it will try everything again. Thanks On Mon, 21 Feb 2005 07:00:21 GMT, v-sch***@online.microsoft.com (Steven Cheng[MSFT]) wrote: Show quoteHide quote >Hi Roy, -------------------------------------------> >As for the HttpWebRequest, it will automatically do the 1,2,3 requests >internally if we supply the Credentials to the Credentials property. In >fact, we can use some trace tools(such as the Soaptoolkit's trace utility) >to montior the underlying connection. By default, since the >"PreAuthenticate" is set to false, when we provide a valid credential, the >httpwebrequest will send the 3 Get Requests, anonymous, authentiate with >credentials, and actual request(with data returned). If the >"PreAuthenticate" is set to false , only 2nd and 3rd will occur. > >So if you need to prevent the Httpwebrequet from auto send ing authenticate >credentials (the 2nd get request), you should keep the Credentials property >as null. > >Thanks & Regards, > >Steven Cheng >Microsoft Online Support > >Get Secure! www.microsoft.com/security >(This posting is provided "AS IS", with no warranties, and confers no >rights.) > > > Roy Chastain KMSystems, Inc. Hi Roy,
Thanks for your followup. When we attache the default credentials and send request , if fails, we should close that request and then construct a new httpwebrequest object and attach the new credential. If we still use the former one, the credential will remain the old one and the request may fail again. Thanks, Steven Cheng Microsoft Online Support Get Secure! www.microsoft.com/security (This posting is provided "AS IS", with no warranties, and confers no rights.)  
Other interesting topics
Reversing text in TreeView nodes
Reading Text datatype into a byte Array Strange behaviour with .NET apps with Framework 2.0 Deserialization constructor Exception with HttpWebRequest.GetResponse Writing a windows service with a socket interface. Dynamicly refrence a .NET DLL State of Objects... Accessing information on IIS programatically limits for filestreams (C#) |
|||||||||||||||||||||||
