NTLM failure

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • John Lee
    #1

    NTLM failure

    Hi,

    I have a virtual directory configured as "integrated windows authentication"
    and "anonymous acccess" is turned off. I can use IE to acccess that page but
    when I try to access the page using

    HttpWebRequest wr = (HttpWebRequest ) System.Net.WebR equest.Create(u rl);
    wr.Credentials = CredentialCache .DefaultCredent ials;
    HttpWebResponse resp = (System.Net.Htt pWebResponse)wr .GetResponse();

    I got "System.Net.Web Exception: The remote server returned an error: (401)
    Unauthorized." error, Any idea why?

    Thanks very much!
    John


    Tags: None
    • Steven Cheng[MSFT]
      #2
      RE: NTLM failure

      Hi John,

      Glad to see you again :-).

      As for the 401 error you encountered when requesting page protected by
      integrated windows authentication through
      HttpWebRequest component, it is because the HttpWebRequest component won't
      automatically provide the client side credential (from the current logon
      user like what IE does). So we need to manually attach the credential if
      the serverside dosn't allow anonymous accessing. For example, the following
      code snippet just provide a credential (NTLM auth schema):

      =============== ======
      NetworkCredenti al myCred = new NetworkCredenti al(
      "username","pas sword","domain or machine name");

      CredentialCache myCache = new CredentialCache ();

      myCache.Add(new Uri("www.contos o.com"), "NTLM", myCred);


      WebRequest wr = WebRequest.Crea te("www.contoso .com");
      wr.Credentials = myCache;
      ...............
      =============== =======

      Here is the MSDN reference on System.Net.Netw orkCredential class:

      Microsoft Learn: Build with answers in reach
      http://msdn.microsoft.com/library/en-us/cpref/html/frlrfsystemnetnetworkcred
      Find official documentation, practical know-how, and expert guidance for builders working and troubleshooting in Microsoft products.

      entialclasstopi c.asp?frame=tru e

      Hope helps. Thanks,

      Steven Cheng
      Microsoft Online Support

      Get Secure! www.microsoft.com/security
      (This posting is provided "AS IS", with no warranties, and confers no
      rights.)



        Comment

        • John Lee
          #3
          Re: NTLM failure

          Thanks Steven!

          But I need to use the current logon user's credential to access that page
          and
          the following code should work - but it does not work for me:

          wr.Credentials = CredentialCache .DefaultCredent ials;

          Another thing I noticed that might be related, I created a virtual directory
          "test" with "windows integrated authentication" only on a 2003 server
          "server1" with SP1 box.
          step 1. open a new instance of IE, access http://server1/test it will popup
          asking for username/password, type in password and it will work
          2. IF i add http://server1 into local intranet zone, repeat step 1, no popup
          to ask password

          I tested the above scenario on several box and it's consistent. so my
          another question is that when we use HttpWebRequest to access the virtual
          directory by using logon user's network credential - how to configure the
          accessed uri is in local intranet zone from code or it SHOULD grab that
          setting done by IE?

          Thanks!
          John



          "Steven Cheng[MSFT]" <v-schang@online.m icrosoft.com> wrote in message
          news:tZuerc5VFH A.2828@TK2MSFTN GXA01.phx.gbl.. .[color=blue]
          > Hi John,
          >
          > Glad to see you again :-).
          >
          > As for the 401 error you encountered when requesting page protected by
          > integrated windows authentication through
          > HttpWebRequest component, it is because the HttpWebRequest component won't
          > automatically provide the client side credential (from the current logon
          > user like what IE does). So we need to manually attach the credential if
          > the serverside dosn't allow anonymous accessing. For example, the
          > following
          > code snippet just provide a credential (NTLM auth schema):
          >
          > =============== ======
          > NetworkCredenti al myCred = new NetworkCredenti al(
          > "username","pas sword","domain or machine name");
          >
          > CredentialCache myCache = new CredentialCache ();
          >
          > myCache.Add(new Uri("www.contos o.com"), "NTLM", myCred);
          >
          >
          > WebRequest wr = WebRequest.Crea te("www.contoso .com");
          > wr.Credentials = myCache;
          > ..............
          > =============== =======
          >
          > Here is the MSDN reference on System.Net.Netw orkCredential class:
          >
          > http://msdn.microsoft.com/library/en...netnetworkcred
          > entialclasstopi c.asp?frame=tru e
          >
          > Hope helps. Thanks,
          >
          > Steven Cheng
          > Microsoft Online Support
          >
          > Get Secure! www.microsoft.com/security
          > (This posting is provided "AS IS", with no warranties, and confers no
          > rights.)
          >
          >
          >[/color]


            Comment

            • Steven Cheng[MSFT]
              #4
              Re: NTLM failure

              Thanks for your respones John,

              As for the further question you mentioned, here are my understandings:

              1. YES, IE will automatically send the current logon session's credential
              when accessing trusted or intranet zone sites and
              anonymous access is not allowed. We can also verfify this in the IE's
              Tools---->Internet Options--->Security---->certain Zone ---> Custom Level
              setting---> UserAuthenticat ion. Logon

              2.When using HttpWebRequest, it has nothing related to IE setting. So we
              will always need to manually provide the credential when accessing remote
              resouce when require authentication. And yes, the
              System.Net. CredentialCache .DefaultCredent ials contains the current logon
              user's credential (in winform or console app), but if this credential is
              not valid on the remote server, the request will also fail. Different from
              IE( IE will popup authentication dialog to let us input username/password
              when current user is not valid on remote server), using httpwebrequest ,
              there is no such dialog.

              So as for your scenario, I think the problem is your current logon user is
              not a valid account on the remote server. Is your logon user account a
              local account on the machine where you running the httpwebrequest app? If
              so, this account is not valid to the remote server, you need to provide a
              valid account on the remote server , this account can be either of :
              1. A domain account

              2. A duplicated local account which has same username/password on both
              client and server machine.

              Thanks,

              Steven Cheng
              Microsoft Online Support

              Get Secure! www.microsoft.com/security
              (This posting is provided "AS IS", with no warranties, and confers no
              rights.)




                Comment

                Previous template Next
                Working...