Automatically authenticating with a Web proxy
-
I am developing an Internet Explorer bar, much like the Search sidebar. I need to make Web requests, and generally I use mshtml.HTMLDocument for that when I'm retrieving Web pages, but occasionally I need to make a lightweight connection to a Web service, and for that I use WebRequest. The problem is that one of my clients uses an authenticating Web proxy. Apparently they need to login once with the username/password at the beginning of an Internet Explorer session, and from then on they are authenticated. When I'm using HTMLDocument, I don't have any trouble with the proxy as I suspect IE is using the same code. However, when I use WebRequest, I get proxy authentication errors, so I know that I have to authenticate with the proxy. With some testing, I learned that
System.Net.WebProxy proxy = System.Net.WebProxy.GetDefaultProxy(); proxy.Credentials = System.Net.CredentialCache.DefaultCredentials; System.Net.GlobalProxySelection.Select = proxy; System.Net.WebRequest wr = System.Net.WebRequest.Create("http://www...");does not work, but
System.Net.WebProxy proxy = System.Net.WebProxy.GetDefaultProxy(); proxy.Credentials = new System.Net.NetworkCredential(user, password); System.Net.GlobalProxySelection.Select = proxy; System.Net.WebRequest wr = System.Net.WebRequest.Create("http://www...");does. That is, .NET does not automatically detect the user/password pair which was inputted at the beginning of the IE session. The proxy settings seem to be static as GetDefaultProxy() returns the correct proxy address and port, but the credentials are empty. Furthermore, I don't know how I would be able to establish Web connections under the current proxy session within .NET. Since I expect a possible enterprise-wide deployment with this client, and possibly other enterprises, I would like to be able to use the proxy without having to request and maintain the user's proxy password (securely). Does anyone know a way to go about this? If I have to poke around IE's registry settings to get this information, I'll happily do so, although it would be nicer to simply use .NET framework methods (e.g. GetDefaultProxy()). I've been poking around on this topic off and on for the past week or two, and I'm fairly stumped. It seems I may have to request the authentication information during the installation process, but that seems less than ideal. Thanks! Arun
-
I am developing an Internet Explorer bar, much like the Search sidebar. I need to make Web requests, and generally I use mshtml.HTMLDocument for that when I'm retrieving Web pages, but occasionally I need to make a lightweight connection to a Web service, and for that I use WebRequest. The problem is that one of my clients uses an authenticating Web proxy. Apparently they need to login once with the username/password at the beginning of an Internet Explorer session, and from then on they are authenticated. When I'm using HTMLDocument, I don't have any trouble with the proxy as I suspect IE is using the same code. However, when I use WebRequest, I get proxy authentication errors, so I know that I have to authenticate with the proxy. With some testing, I learned that
System.Net.WebProxy proxy = System.Net.WebProxy.GetDefaultProxy(); proxy.Credentials = System.Net.CredentialCache.DefaultCredentials; System.Net.GlobalProxySelection.Select = proxy; System.Net.WebRequest wr = System.Net.WebRequest.Create("http://www...");does not work, but
System.Net.WebProxy proxy = System.Net.WebProxy.GetDefaultProxy(); proxy.Credentials = new System.Net.NetworkCredential(user, password); System.Net.GlobalProxySelection.Select = proxy; System.Net.WebRequest wr = System.Net.WebRequest.Create("http://www...");does. That is, .NET does not automatically detect the user/password pair which was inputted at the beginning of the IE session. The proxy settings seem to be static as GetDefaultProxy() returns the correct proxy address and port, but the credentials are empty. Furthermore, I don't know how I would be able to establish Web connections under the current proxy session within .NET. Since I expect a possible enterprise-wide deployment with this client, and possibly other enterprises, I would like to be able to use the proxy without having to request and maintain the user's proxy password (securely). Does anyone know a way to go about this? If I have to poke around IE's registry settings to get this information, I'll happily do so, although it would be nicer to simply use .NET framework methods (e.g. GetDefaultProxy()). I've been poking around on this topic off and on for the past week or two, and I'm fairly stumped. It seems I may have to request the authentication information during the installation process, but that seems less than ideal. Thanks! Arun
.NET may not - as you've notice - grab the credentials for the authenticating proxy, nor does
WebProxy.GetDefaultProxypick-up dynamic proxy settings (a la script, as many networks use). The default credential cache only works for NTLM, negotiate, and Kerberos authentication. Which does the proxy use? Also keep in mind that any older proxies - like those that may redirect to a login page - are not supported. As far as IE's credentials it grabs for proxy authentication, this information is not stored in shared memory. While your .NET control runs within the IE process, it may not have access to the security context. Only a little testing will tell for sure.Microsoft MVP, Visual C# My Articles
-
.NET may not - as you've notice - grab the credentials for the authenticating proxy, nor does
WebProxy.GetDefaultProxypick-up dynamic proxy settings (a la script, as many networks use). The default credential cache only works for NTLM, negotiate, and Kerberos authentication. Which does the proxy use? Also keep in mind that any older proxies - like those that may redirect to a login page - are not supported. As far as IE's credentials it grabs for proxy authentication, this information is not stored in shared memory. While your .NET control runs within the IE process, it may not have access to the security context. Only a little testing will tell for sure.Microsoft MVP, Visual C# My Articles
I asked my client to talk to his IT. This is the response:
If you are talking about our outgoing proxies used by internal browsers to access the Internet, we use NetApp proxies. The authentication methods allowed are NTLM and Basic Auth. Let me know if this is or is not what you are looking for.
Is that consistent with your comments above? The default credential cache didn't seem to work in my tests.
-
.NET may not - as you've notice - grab the credentials for the authenticating proxy, nor does
WebProxy.GetDefaultProxypick-up dynamic proxy settings (a la script, as many networks use). The default credential cache only works for NTLM, negotiate, and Kerberos authentication. Which does the proxy use? Also keep in mind that any older proxies - like those that may redirect to a login page - are not supported. As far as IE's credentials it grabs for proxy authentication, this information is not stored in shared memory. While your .NET control runs within the IE process, it may not have access to the security context. Only a little testing will tell for sure.Microsoft MVP, Visual C# My Articles
Ugh, sorry about that nasty formatting. Let me try again: I asked my client to talk to his IT. This is the response:
If you are talking about our outgoing proxies used by internal
browsers to access the Internet, we use NetApp proxies. The
authentication methods allowed are NTLM and Basic Auth. Let me
know if this is or is not what you are looking for.Is that consistent with your comments above? The default credential cache didn't seem to work in my tests.
-
I asked my client to talk to his IT. This is the response:
If you are talking about our outgoing proxies used by internal browsers to access the Internet, we use NetApp proxies. The authentication methods allowed are NTLM and Basic Auth. Let me know if this is or is not what you are looking for.
Is that consistent with your comments above? The default credential cache didn't seem to work in my tests.
The big question is how the browsers are configured. Most corporate networks these days seem to use automatic configuration through a script like I mentioned before.
WebProxy.GetDefaultProxywill not pick this information up automatically, so you would have to configure these settings yourself and set the instance of yourWebProxyto theHttpWebRequest.Proxyproperty. If you read about theHttpWebRequest.Proxyproperty in the .NET Framework SDK, you will find more information.Microsoft MVP, Visual C# My Articles