401 Unauthorized when using DefaultCredentials

[Rodrigo Estrada]

Hi all

I hope this is the right newsgroup. I'm having a hard time making a web request from an authenticated process. Here's the scenario
Managed WinForms component hosted in IE, the virtual Directory has Anonymous access disabled and only has Integrated Windows Authentication enabled. When I hit the URL I get challenged for credentials, once I input them I can see the page with my control. The control uses the class WebRequest to make an Http get request for information on the same virtual directory with Integrated Windows Authentication. If I use the following code, everything works as expected

WebRequest req
HttpWebResponse resp
NetworkCredential credential

req = WebRequest.Create("http://localhost/security/GetImage.aspx")
req.PreAuthenticate = true
credential = new NetworkCredential("user", "password", "domain")
req.Credentials = credential
resp = (HttpWebResponse)req.GetResponse()

In my scenario, I don't have access to domain, username and password information, so I have to use the credentials already used by my already authenticated process. In my search I've found that the following code would do the trick

WebRequest req
HttpWebResponse resp

req = WebRequest.Create("http://localhost/security/GetImage.aspx")
req.PreAuthenticate = true
req.Credentials = System.Net.CredentialCache.DefaultCredentials
resp = (HttpWebResponse)req.GetResponse()

But in this case I get an 401 Unauthorized error. Can anybody tell me if I'm doing something wrong and how to solve it

Many TIA

- Rodrigo

[Paul Glavich [MVP - ASP.NET]]

On your server, check the 'Security' event log to see what 'Failure Audits'
are occurring and examine them to see if a particular user is attempting to
logon (and get denied) when you try and access the service. You will either
see a 'failure audit' detailing what user tried to authenticate (and you can
then tell if you are propagating the user correctly) or you wont see
anything at all when it fails, which means it's not using anything to
authenticate as it just gets denied immediately (as no user was supplied).

Not a solution I know, but it does aid in giving you a better idea of whats
going on.

--
- Paul Glavich
Microsoft MVP - ASP.NET


"Rodrigo Estrada" <anonymous@discussions.microsoft.com> wrote in message
news:A29E8F36-F324-40DC-8A05-79ECF578DB34@microsoft.com...

> Hi all:
>
> I hope this is the right newsgroup. I'm having a hard time making a web

request from an authenticated process. Here's the scenario:

> Managed WinForms component hosted in IE, the virtual Directory has

Anonymous access disabled and only has Integrated Windows Authentication
enabled. When I hit the URL I get challenged for credentials, once I input
them I can see the page with my control. The control uses the class
WebRequest to make an Http get request for information on the same virtual
directory with Integrated Windows Authentication. If I use the following
code, everything works as expected:

>
> WebRequest req ;
> HttpWebResponse resp ;
> NetworkCredential credential ;
>
> req = WebRequest.Create("http://localhost/security/GetImage.aspx") ;
> req.PreAuthenticate = true ;
> credential = new NetworkCredential("user", "password", "domain") ;
> req.Credentials = credential ;
> resp = (HttpWebResponse)req.GetResponse() ;
>
> In my scenario, I don't have access to domain, username and password

information, so I have to use the credentials already used by my already
authenticated process. In my search I've found that the following code would
do the trick:

>
> WebRequest req ;
> HttpWebResponse resp ;
>
> req = WebRequest.Create("http://localhost/security/GetImage.aspx") ;
> req.PreAuthenticate = true ;
> req.Credentials = System.Net.CredentialCache.DefaultCredentials ;
> resp = (HttpWebResponse)req.GetResponse() ;
>
> But in this case I get an 401 Unauthorized error. Can anybody tell me if

I'm doing something wrong and how to solve it?

>
> Many TIA.
>
> - Rodrigo