4

I've trying to pass Windows Authentication to a WebProxy, so that a user doesn't have to type in his login data manually. The use case is a proxy server which checks authentication against a LDAP/AD server, while the users have to change their password periodically.

I've got the following code:

private void button1_ClickAsync(object sender, EventArgs e) {
    Url = "http://local.adress/test";
    Execute();
}

private void button2_Click(object sender, EventArgs e) {
    Url = "https://maps.googleapis.com/maps/api/timezone/json";
    Execute();
}

private void Execute() {
    var handler = new HttpClientHandler();
    handler.DefaultProxyCredentials = CredentialCache.DefaultCredentials;
    handler.UseDefaultCredentials = true;
    handler.UseProxy = true;
    handler.Proxy = WebRequest.DefaultWebProxy;
    handler.Proxy.Credentials = new NetworkCredential("mydomainuser", "mydomainpassword");
    //handler.Proxy.Credentials = CredentialCache.DefaultNetworkCredentials;

    var client = new HttpClient(handler);
    Task<string> response = TestConnection(client, Url);
}

private async Task<string> TestConnection(HttpClient client, string url) {
    try {
        using (HttpResponseMessage result = await client.GetAsync(url)) {
            string res = await result.Content.ReadAsStringAsync().ConfigureAwait(false);
            Console.WriteLine("content: " + res);
            return result.ToString();
        }
    } catch (Exception e) {
        Console.WriteLine("error: " + e.Message);
        return e.ToString();
    }
}

When defining the credentials manually (as you can see in the Execute method), everythings works as expected. I've checked the proxy log files to be sure the request is really forwarded through the proxy.

Since it's my goal to spare the user to type in his probably periodically changing password, I've tried to pass the credentials via the CredentialCache.DefaultNetworkCredentials (I've also tried CredentialCache.DefaultCredentials). While executing the request the proxy logs an DENIED and my client returns HTTP error code 407.

Am I missing something obvious? I know there are countless questions on this topic but nothing seems to solve this problem.

Improve this question
12
  • Is this a web application or a client side application? If it is a web application hosted on IIS, what is the user under which the app pool is running? Commented Jul 23, 2019 at 8:03
  • It's a client side application running with WinForms under Windows 10, no IIS involved. Commented Jul 23, 2019 at 8:59
  • 1
    Does your proxy support that? Implicit Windows credentials (DefaultNetworkCredentials) are not a user + password. Commented Jul 23, 2019 at 11:45
  • 1
    Credentials represent the user, but that doesn't mean they carry login nor password. Some credentials do contain these, but others don't. Check this out: if you want to use Windows auth, your proxy must support it. Commented Jul 23, 2019 at 14:04
  • 1
    Thanks but I really didn't do much :-), in fact you just answer yourself if you found a way to make it work or found a workaround Commented Jul 29, 2019 at 16:43

1 Answer 1

Reset to default
3
+25

You have to define proxy and main URL in code.

var TARGETURL = "http://en.wikipedia.org/";

HttpClientHandler handler = new HttpClientHandler()
{
    Proxy = new WebProxy("http://127.0.0.1:8888"),
    UseProxy = true,
};

try this.

handler.Proxy.Credentials = CredentialCache.DefaultNetworkCredentials;
handler.Credentials = CredentialCache.DefaultNetworkCredentials;

ok so your webserivces uses windows authentication. Your desktop client is working under your credential you need impersonation https://learn.microsoft.com/en-us/dotnet/api/system.security.principal.windowsidentity.impersonate?view=netframework-4.8

check this if it works for you if it is basic authentication.

HttpClient client = new HttpClient(handler);

            **var byteArray = Encoding.ASCII.GetBytes("username:password1234");**


**client.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Basic", Convert.ToBase64String(byteArray));**
Improve this answer
Sign up to request clarification or add additional context in comments.

8 Comments

Both options Proxy = new WebProxy("http://127.0.0.1:8888") and handler.Proxy = WebRequest.DefaultWebProxy; do work when defining the credentials manually like you can see in my example above. I've checked the proxy log files to confirm this. When using CredentialCache.DefaultNetworkCredentials it doesn't, but I want it to. I think the problem is made while setting the credentials.
check your application pool identity try changing that credentials to the new account. you can place credentials in web.config too. In my case Proxy = new WebProxy("127.0.0.1:8888") works handler.Proxy = WebRequest.DefaultWebProxy; does not worked.
try handler.Proxy.Credentials = CredentialCache.DefaultNetworkCredentials; handler.Credentials = CredentialCache.DefaultNetworkCredentials;
There's no IIS involved. Like stated in the question, I try to pass the Windows Authentication Credentials.
if you want to run a desktop client you have to use impersonation learn.microsoft.com/en-us/dotnet/api/…
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.