HttpWebRequest return 401, only when credentials are supplied

24 Apr 2009 9:22 PM

asnowfall@gmail.com

I am trying to modify a site that is using FormAuthentication, to
handle Integrated Authentication exclusively.
I have both ASP and ASP.net code: global.asa, authorisation.asp,
Target.aspx, login.aspx(for just FormAut..).

Orginally, flow with FormAuthentication was
a) Target.aspx (starting page, set in IIS mgmt gui)
b) LOGIN gui
c) Target.aspx (launches authorisation.asp through HttpWebRequest)

Even with Integrated Authentication, I would like to keep same code
flow, and I have made following changes to get Integrated
Authentication working.

1) IIS mgmt GUI: disabled 'Anonumous', enabled 'Integrated
Authentication'
2) Chaged web.cnfg
        <authorization>
            <deny users="?"/>
        </authorization>
        <identity impersonate="true" />
        <authentication mode="Windows"/>
3) Gave domain\users the NTFS rights over 'home directory'

After these changes, problem is at stage "c"; Target.aspx is not able
to launch authorisation.asp; GetResponse() fails with 401. And this
web request fails ONLY when I pass credentials(I tried hard coding
it), and works when 'DefaultCredentials', which is all empty.
Here is working code...
HttpWebRequest Req = (HttpWebRequest)HttpWebRequest.Create(url);
Req.Credentials = CredentialCache.DefaultCredentials;
/////Req.Credentials = new NetworkCredential(userName,
"none","dmn1.com"); (uncommenting this will break)
HttpWebResponse webResponse = (HttpWebResponse)Req.GetResponse();

Please let me know what could be the reason for error.

Thanks
Ramesh

28 Apr 2009 6:43 AM

Pankaj

If you have an ASP.NET application with authentication mode set to Windows
then all windows users can access the pages but not without windows logn.
If the resource you are requesting does not allow anonymous access, a 401 is
sent back to the browser.
So in your case I guess your credentials are not transferred from the aspx
page to asp page. Maybe you need to share session state. Check out this
article

http://msdn.microsoft.com/en-us/library/aa479313.aspx

--
pankajgogoi

Show quoteHide quote

"asnowf***@gmail.com" wrote:

> I am trying to modify a site that is using FormAuthentication, to
> handle Integrated Authentication exclusively.
> I have both ASP and ASP.net code: global.asa, authorisation.asp,
> Target.aspx, login.aspx(for just FormAut..).
>
> Orginally, flow with FormAuthentication was
> a) Target.aspx (starting page, set in IIS mgmt gui)
> b) LOGIN gui
> c) Target.aspx (launches authorisation.asp through HttpWebRequest)
>
> Even with Integrated Authentication, I would like to keep same code
> flow, and I have made following changes to get Integrated
> Authentication working.
>
> 1) IIS mgmt GUI: disabled 'Anonumous', enabled 'Integrated
> Authentication'
> 2) Chaged web.cnfg
>         <authorization>
>             <deny users="?"/>
>         </authorization>
>         <identity impersonate="true" />
>         <authentication mode="Windows"/>
> 3) Gave domain\users the NTFS rights over 'home directory'
>
> After these changes, problem is at stage "c"; Target.aspx is not able
> to launch authorisation.asp; GetResponse() fails with 401. And this
> web request fails ONLY when I pass credentials(I tried hard coding
> it), and works when 'DefaultCredentials', which is all empty.
> Here is working code...
> HttpWebRequest Req = (HttpWebRequest)HttpWebRequest.Create(url);
> Req.Credentials = CredentialCache.DefaultCredentials;
> /////Req.Credentials = new NetworkCredential(userName,
> "none","dmn1.com"); (uncommenting this will break)
> HttpWebResponse webResponse = (HttpWebResponse)Req.GetResponse();
>
>
>
> Please let me know what could be the reason for error.
>
> Thanks
> Ramesh
>