Ask a Question related to ASP.NET Security, Design and Development.
-
Raterus #1
WebClient + Credentials + HTTP 401 Status Codes
Hello,
I'm using the WebClient class to query my webserver to get the contents of a certain page (protected with windows integrated security), I have no problems doing this, but have noticed the WebClient Class does not send the credentials I set until it gets an HTTP 401 return code.
We have just created a program to scan the IIS log files for authentication failures. I've noticed in these logs that the WebClient class actually makes two requests of the webserver, it first tries to get the page without sending the credentials, which fails with a 401 error. It tries immediately afterward, sending the credentials, which my webserver responds with the contents.
I'd really like to configure the WebClient class to send the credentials immediately, and not wait for the 401. Is this possible to do? It's messing up my program that scans the log files for 401 errors!
Thanks,
--Michael
Raterus Guest
-
Issue with JRun, PDF's, and HTTP Status Codes
I've been having an issue where, in our production environment, PDF's report status codes 200, instead of the proper 200 and 206. Our Test/Staging... -
CFMX7 & IIS6 - PDF Status Codes
We're running IIS6 and Coldfusion MX7. I've recently been analyzing our logs with Urchin, and have noticed an odd thing. After we upgraded to... -
error HTTP Status : 500
Hi I get an error in RSL sample: Could not invoke Java compiler, please make sure jikesw is in C:\JRun4/bin or put a JDK bin directory in your... -
HTTP status 401
Hi All, I have a webservice on a win 2003 server and I'm trying to call it from another win2003 server which is hosting my sharepoint portal... -
#19113 [Com]: HTTP status 200 returned on HTTP CONNECT when mod_proxy not in use
ID: 19113 Comment by: arafuse at bcexplorers dot com Reported By: php_new at jdc dot parodius dot com Status: ... -
Joe Kaplan \(MVP - ADSI\) #2 Re: WebClient + Credentials + HTTP 401 Status Codes
You can do this by setting PreAuthenticate to True on the WebClient. If the
protocol you are using supports it, then that will work. Normally,
PreAuthenticate works with Basic auth though. I don't think it works with
WIA or Digest (not positive though).
Joe K.
"Raterus" <raterus@hotmail.com> wrote in message
news:Ov37AtuDFHA.2600@TK2MSFTNGP09.phx.gbl...
Hello,
I'm using the WebClient class to query my webserver to get the contents of a
certain page (protected with windows integrated security), I have no
problems doing this, but have noticed the WebClient Class does not send the
credentials I set until it gets an HTTP 401 return code.
We have just created a program to scan the IIS log files for authentication
failures. I've noticed in these logs that the WebClient class actually
makes two requests of the webserver, it first tries to get the page without
sending the credentials, which fails with a 401 error. It tries immediately
afterward, sending the credentials, which my webserver responds with the
contents.
I'd really like to configure the WebClient class to send the credentials
immediately, and not wait for the 401. Is this possible to do? It's
messing up my program that scans the log files for 401 errors!
Thanks,
--Michael
Joe Kaplan \(MVP - ADSI\) Guest
-
Raterus #3 Re: WebClient + Credentials + HTTP 401 Status Codes
The WebRequest object has PreAuthenticate, not WebClient. Do you know if there is a way to access the underlying WebRequest object that the WebClient uses? I didn't see a way to do this. Should I scrap the WebClient and just use WebRequest?
Thanks,
--Michael
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote in message news:uouiTFvDFHA.2632@TK2MSFTNGP12.phx.gbl...> You can do this by setting PreAuthenticate to True on the WebClient. If the
> protocol you are using supports it, then that will work. Normally,
> PreAuthenticate works with Basic auth though. I don't think it works with
> WIA or Digest (not positive though).
>
> Joe K.
>
> "Raterus" <raterus@hotmail.com> wrote in message
> news:Ov37AtuDFHA.2600@TK2MSFTNGP09.phx.gbl...
> Hello,
>
> I'm using the WebClient class to query my webserver to get the contents of a
> certain page (protected with windows integrated security), I have no
> problems doing this, but have noticed the WebClient Class does not send the
> credentials I set until it gets an HTTP 401 return code.
>
> We have just created a program to scan the IIS log files for authentication
> failures. I've noticed in these logs that the WebClient class actually
> makes two requests of the webserver, it first tries to get the page without
> sending the credentials, which fails with a 401 error. It tries immediately
> afterward, sending the credentials, which my webserver responds with the
> contents.
>
> I'd really like to configure the WebClient class to send the credentials
> immediately, and not wait for the 401. Is this possible to do? It's
> messing up my program that scans the log files for 401 errors!
>
> Thanks,
> --Michael
>
>Raterus Guest
-
Joe Kaplan \(MVP - ADSI\) #4 Re: WebClient + Credentials + HTTP 401 Status Codes
Oh sorry, missed that. I always just use HttpWebRequest. I'm not even sure
what the WebClient is for.
I'd definitely go in that direction :)
You'll have to mess with the streams yourself, but that isn't such a big
deal.
Joe K.
"Raterus" <raterus@hotmail.com> wrote in message
news:OCx%23SUvDFHA.2756@TK2MSFTNGP15.phx.gbl...
The WebRequest object has PreAuthenticate, not WebClient. Do you know if
there is a way to access the underlying WebRequest object that the WebClient
uses? I didn't see a way to do this. Should I scrap the WebClient and just
use WebRequest?
Thanks,
--Michael
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:uouiTFvDFHA.2632@TK2MSFTNGP12.phx.gbl...> You can do this by setting PreAuthenticate to True on the WebClient. If
> the
> protocol you are using supports it, then that will work. Normally,
> PreAuthenticate works with Basic auth though. I don't think it works with
> WIA or Digest (not positive though).
>
> Joe K.
>
> "Raterus" <raterus@hotmail.com> wrote in message
> news:Ov37AtuDFHA.2600@TK2MSFTNGP09.phx.gbl...
> Hello,
>
> I'm using the WebClient class to query my webserver to get the contents of
> a
> certain page (protected with windows integrated security), I have no
> problems doing this, but have noticed the WebClient Class does not send
> the
> credentials I set until it gets an HTTP 401 return code.
>
> We have just created a program to scan the IIS log files for
> authentication
> failures. I've noticed in these logs that the WebClient class actually
> makes two requests of the webserver, it first tries to get the page
> without
> sending the credentials, which fails with a 401 error. It tries
> immediately
> afterward, sending the credentials, which my webserver responds with the
> contents.
>
> I'd really like to configure the WebClient class to send the credentials
> immediately, and not wait for the 401. Is this possible to do? It's
> messing up my program that scans the log files for 401 errors!
>
> Thanks,
> --Michael
>
>
Joe Kaplan \(MVP - ADSI\) Guest
-
Raterus #5 Re: WebClient + Credentials + HTTP 401 Status Codes
I modified my code to use WebRequest and set PreAuthenticate=True, and you are right, it still won't preauthenticate with integrated windows authentication. Now i'm wondering why? Would WebRequest be authenticating with Kerberos or NTLM? I'd imagine it is using NTLM, and since that is challenge/response that would make sense why I can't preauthenticate. I don't even want to know what it would take to get WebRequest to use Kerberos!
--Michael
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote in message news:%23LZ8gavDFHA.1496@TK2MSFTNGP14.phx.gbl...> Oh sorry, missed that. I always just use HttpWebRequest. I'm not even sure
> what the WebClient is for.
>
> I'd definitely go in that direction :)
>
> You'll have to mess with the streams yourself, but that isn't such a big
> deal.
>
> Joe K.
>
> "Raterus" <raterus@hotmail.com> wrote in message
> news:OCx%23SUvDFHA.2756@TK2MSFTNGP15.phx.gbl...
> The WebRequest object has PreAuthenticate, not WebClient. Do you know if
> there is a way to access the underlying WebRequest object that the WebClient
> uses? I didn't see a way to do this. Should I scrap the WebClient and just
> use WebRequest?
>
> Thanks,
> --Michael
>
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
> in message news:uouiTFvDFHA.2632@TK2MSFTNGP12.phx.gbl...>>> You can do this by setting PreAuthenticate to True on the WebClient. If
>> the
>> protocol you are using supports it, then that will work. Normally,
>> PreAuthenticate works with Basic auth though. I don't think it works with
>> WIA or Digest (not positive though).
>>
>> Joe K.
>>
>> "Raterus" <raterus@hotmail.com> wrote in message
>> news:Ov37AtuDFHA.2600@TK2MSFTNGP09.phx.gbl...
>> Hello,
>>
>> I'm using the WebClient class to query my webserver to get the contents of
>> a
>> certain page (protected with windows integrated security), I have no
>> problems doing this, but have noticed the WebClient Class does not send
>> the
>> credentials I set until it gets an HTTP 401 return code.
>>
>> We have just created a program to scan the IIS log files for
>> authentication
>> failures. I've noticed in these logs that the WebClient class actually
>> makes two requests of the webserver, it first tries to get the page
>> without
>> sending the credentials, which fails with a 401 error. It tries
>> immediately
>> afterward, sending the credentials, which my webserver responds with the
>> contents.
>>
>> I'd really like to configure the WebClient class to send the credentials
>> immediately, and not wait for the 401. Is this possible to do? It's
>> messing up my program that scans the log files for 401 errors!
>>
>> Thanks,
>> --Michael
>>
>>
>Raterus Guest
-
Joe Kaplan \(MVP - ADSI\) #6 Re: WebClient + Credentials + HTTP 401 Status Codes
It is the Negotiate protocol, meaning that it will try to user Kerberos
first and will fail over to NTLM if Kerberos can't be negotiated. If both
client and server are Win2K+, Kerberos is probably being used. What I'm not
sure about is if there is an easy way to tell what got used.
I pulled this info on Pre-authentication from the WinHTTP MSDN docs that
might be helpful:
Preauthentication can be used with the following authentication schemes:
a.. Basic - always possible.
b.. Negotiate resolving into Kerberos - very likely possible; the only
exception is when the time-skews are off between the client and the domain
controller.
c.. (Negotiate resolving into NTLM) - never possible.
d.. NTLM - never possible.
e.. Digest - never possible.
f.. Passport - never possible; after the initial challenge-response,
WinHTTP uses cookies to pre-authenticate to Passport.
Joe K.
"Raterus" <raterus@hotmail.com> wrote in message
news:O5Rboo5DFHA.4052@TK2MSFTNGP15.phx.gbl...
I modified my code to use WebRequest and set PreAuthenticate=True, and you
are right, it still won't preauthenticate with integrated windows
authentication. Now i'm wondering why? Would WebRequest be authenticating
with Kerberos or NTLM? I'd imagine it is using NTLM, and since that is
challenge/response that would make sense why I can't preauthenticate. I
don't even want to know what it would take to get WebRequest to use
Kerberos!
--Michael
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:%23LZ8gavDFHA.1496@TK2MSFTNGP14.phx.gbl...> Oh sorry, missed that. I always just use HttpWebRequest. I'm not even
> sure
> what the WebClient is for.
>
> I'd definitely go in that direction :)
>
> You'll have to mess with the streams yourself, but that isn't such a big
> deal.
>
> Joe K.
>
> "Raterus" <raterus@hotmail.com> wrote in message
> news:OCx%23SUvDFHA.2756@TK2MSFTNGP15.phx.gbl...
> The WebRequest object has PreAuthenticate, not WebClient. Do you know if
> there is a way to access the underlying WebRequest object that the
> WebClient
> uses? I didn't see a way to do this. Should I scrap the WebClient and
> just
> use WebRequest?
>
> Thanks,
> --Michael
>
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
> in message news:uouiTFvDFHA.2632@TK2MSFTNGP12.phx.gbl...>>> You can do this by setting PreAuthenticate to True on the WebClient. If
>> the
>> protocol you are using supports it, then that will work. Normally,
>> PreAuthenticate works with Basic auth though. I don't think it works
>> with
>> WIA or Digest (not positive though).
>>
>> Joe K.
>>
>> "Raterus" <raterus@hotmail.com> wrote in message
>> news:Ov37AtuDFHA.2600@TK2MSFTNGP09.phx.gbl...
>> Hello,
>>
>> I'm using the WebClient class to query my webserver to get the contents
>> of
>> a
>> certain page (protected with windows integrated security), I have no
>> problems doing this, but have noticed the WebClient Class does not send
>> the
>> credentials I set until it gets an HTTP 401 return code.
>>
>> We have just created a program to scan the IIS log files for
>> authentication
>> failures. I've noticed in these logs that the WebClient class actually
>> makes two requests of the webserver, it first tries to get the page
>> without
>> sending the credentials, which fails with a 401 error. It tries
>> immediately
>> afterward, sending the credentials, which my webserver responds with the
>> contents.
>>
>> I'd really like to configure the WebClient class to send the credentials
>> immediately, and not wait for the 401. Is this possible to do? It's
>> messing up my program that scans the log files for 401 errors!
>>
>> Thanks,
>> --Michael
>>
>>
>
Joe Kaplan \(MVP - ADSI\) Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
