Re: HttpWebRequest and 401

From: LinuxLivz (linuxlivz_at_yahoo.com)
Date: 01/29/04

• Next message: Kenneth: "Re: ASP.NET Impersonation, XmlUrlResolver, and DefaultCredentials"
• Previous message: Joe Kaplan \(MVP - ADSI\): "Re: ldap or active directory"
• In reply to: Charlie Nilsson [MSFT]: "RE: HttpWebRequest and 401"
• Next in thread: Charlie Nilsson [MSFT]: "Re: HttpWebRequest and 401"
• Reply: Charlie Nilsson [MSFT]: "Re: HttpWebRequest and 401"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 29 Jan 2004 14:39:35 -0800

CharlieNilsson_CUTOUT_@hotmail.com (Charlie Nilsson [MSFT]) wrote in message news:<ngZS9Bp5DHA.1992@cpmsftngxa07.phx.gbl>...
> I think you're confusing authentication types.
>
> Read this msdn article, "IIS Authentication" on the subject or search
> online on msdn.
> ms-help://MS.VSCC.2003/MS.MSDNQTR.2003FEB.1033/vsent7/html/vxconIISAuthentic
> ation.htm
>
> At some point, you will need to gather authentication information from the
> user (i.e. they will have to enter a username / pwd). Why use two servers
> when one will suffice?
>
>
> --------------------------------------------------------------------
> This reply is provided AS IS, without warranty (express or implied).
>
>
> --------------------
> >From: linuxlivz@yahoo.com (LinuxLivz)
> >Newsgroups: microsoft.public.dotnet.framework.aspnet.security
> >Subject: HttpWebRequest and 401
> >Date: 29 Jan 2004 06:35:21 -0800
> >Organization: http://groups.google.com
> >Lines: 23
> >Message-ID: <a5921448.0401290635.240f1498@posting.google.com>
> >NNTP-Posting-Host: 63.100.172.7
> >Content-Type: text/plain; charset=ISO-8859-1
> >Content-Transfer-Encoding: 8bit
> >X-Trace: posting.google.com 1075386921 4534 127.0.0.1 (29 Jan 2004
> 14:35:21 GMT)
> >X-Complaints-To: groups-abuse@google.com
> >NNTP-Posting-Date: Thu, 29 Jan 2004 14:35:21 +0000 (UTC)
> >Path:
> cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.su
> l.t-online.de!t-online.de!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!po
> stnews1.google.com!not-for-mail
> >Xref: cpmsftngxa07.phx.gbl
> microsoft.public.dotnet.framework.aspnet.security:8423
> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
> >
> >Hello All
> >Here is what I am attempting to do:
> >
> >I have a NTLM protected site. There are some users who are not part of
> >the domain (visitors) get challenged with a Pop up dialog box
> >prompting for a user id, pwd and domain.
> >
> >In oder to overcome this, I have setup a anonymous site (open to
> >alll). Users would first hit this site contains a page with an
> >instance of HttpWebRequest class. This class would make a call to the
> >protected site with the user's credentials on behalf of the user. If
> >the user has the correct credentials, then they would be passed to the
> >protected site else they would be redirected to a login page (NOT the
> >pop up dialog). In theory this appears to be a good idea to get rid of
> >the po up dialog.
> >
> >However, I am unable to get the suers credentials on the anonymous
> >site and pass it to the HttpWebRequest. If I use DefaultCredentials,
> >then the site's user id and password are passed (IUSR_MACHINENAME). Is
> >it possible to obtain the user credential on the anonymous site or is
> >there another way to acoomplish this
> >
> >Thanks
> >

Thanks for your response. I understand auth types, NTLM works well for
windows domain acounts, what about other OSes? The thinking is to
perform auth without the annoyin pop-up dialog. I think, to condense
the question, it would be can one make the auth pop up dialog go away
if user is not in a Windows domain

Thaks

• Next message: Kenneth: "Re: ASP.NET Impersonation, XmlUrlResolver, and DefaultCredentials"
• Previous message: Joe Kaplan \(MVP - ADSI\): "Re: ldap or active directory"
• In reply to: Charlie Nilsson [MSFT]: "RE: HttpWebRequest and 401"
• Next in thread: Charlie Nilsson [MSFT]: "Re: HttpWebRequest and 401"
• Reply: Charlie Nilsson [MSFT]: "Re: HttpWebRequest and 401"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: HttpWebRequest and 401 ... Linux machines do not support NTLM natively (though Mozilla *was* ... >> I think you're confusing authentication types. ... This class would make a call to the>>>protected site with the user's credentials on behalf of the user. ... I understand auth types, NTLM works well for> windows domain acounts, what about other OSes? ... (microsoft.public.dotnet.framework.aspnet.security) Re: ISA 2k4 erfordert extra Auth der User ... Wenn Du Basic-Auth eingestellt hast, fragt der ISA nach den Credentials, ... Wenn Du integrierte Auth. ... Prev by Date: ... Next by Date: ... (microsoft.public.de.german.isaserver) Re: Cant connect Project Server 2003 from MS Project Pro 2003 ... I have no problem using Windows ... > Auth to connect via the web ... > Click the Refresh button to try again with different credentials. ... > configuration. ... (microsoft.public.project.pro_and_server) Re: IIS SMTP - is open relay prevented? ... correctness of defensive design for a public-facing web server. ... mean it reuses the same set of credentials for every session. ... that uses HTTP auth, or any internal auth mechanism, that shares the ... pass those most specific credentials to the SMTP server. ... (microsoft.public.inetserver.iis.smtp_nntp) IAS Logging from Cisco Router ... authenication source. ... I can log on successfully with my Windows domain ... credentials. ... The IAS logs seem to only contain the initial authorization records. ... (microsoft.public.win2000.ras_routing)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint