+dave164 Subscriber¹ Posted August 19, 2009 Subscriber¹ Share Posted August 19, 2009 Hi there, I'm trying to make a WebRequest in C# to a website that requires credentials. Using the username and password in IE works, but doing it through code doesn't. Maybe I have some misplaced code? public bool WebRequestMethod(string uri) { HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri); request.Credentials = new NetworkCredential(securelyStoredUserName, securelyStoredPassword); request.AuthenticationLevel = AuthenticationLevel.MutualAuthRequested; HttpWebResponse response = (HttpWebResponse) request.GetResponse(); return false; } Thanks, David. Link to comment Share on other sites More sharing options...
0 Antaris Veteran Posted August 19, 2009 Veteran Share Posted August 19, 2009 Do you get an IOException if you change the AuthenticationLevel to MutualAuthRequired? Link to comment Share on other sites More sharing options...
0 +dave164 Subscriber¹ Posted August 19, 2009 Author Subscriber¹ Share Posted August 19, 2009 I get a WebException saying "The requirement for mutual authentication was not met by the remote server.." Thanks, David. Link to comment Share on other sites More sharing options...
0 AthemeX Posted August 23, 2009 Share Posted August 23, 2009 I think you might find your answer in the Community Content section of the following MSDN Entry: http://msdn.microsoft.com/en-us/library/sy...ationlevel.aspx - When you set the WebRequest.AuthenticationLevel = AuthenticationLevel.MutualAuthRequired property, you will end up seeing the exception on the client which says:System.Net.WebException: The request was canceled ---> System.Net.ProtocolViolationException: The requirement for mutual authentication was not met by the remote server. - However, if you take a System.Net/ Network trace of the request what you will end up seeing is that the client sends the entire request (eg: POST with the entity body), the server processes the entire request and sends a response back to the client and only then, the client gets the exception. - This behavior is by design and is the correct behavior. The reason being: the client cannot guarantee that the mutual authentication has been successful until it receives a "full" response from the server. The client can make a second call to InitializeSecurityContext only after it receives a WWW-Authenticate header with the server's Kerberos token. Only after this happens, it can call QueryContextAttributes to actually see if mutual authentication was successful. - Since the server can respond back with a "full response" only after the entire request is complete, the only way the client can guarantee this is after getting a status code of (4xx or 2xx) from the server; which happens after sending the entity body. - If you want to guarantee that the client & server mutually authenticate with each other, then you can send a dummy/ fake HEAD/ GET request to the server. If there is no mutual Authentication (the client and server talking anything but Kerberos), the HEAD/ GET request will fail with the expected Exception. - You can then decide whether or not to send further POST requests. Link to comment Share on other sites More sharing options...
0 +dave164 Subscriber¹ Posted August 24, 2009 Author Subscriber¹ Share Posted August 24, 2009 Thanks, but that hasn't seemed to help out. I keep trying different things, but it just doesn't seem to want to work. =[ David. Link to comment Share on other sites More sharing options...
Question
+dave164 Subscriber¹
Hi there,
I'm trying to make a WebRequest in C# to a website that requires credentials.
Using the username and password in IE works, but doing it through code doesn't.
Maybe I have some misplaced code?
public bool WebRequestMethod(string uri) { HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri); request.Credentials = new NetworkCredential(securelyStoredUserName, securelyStoredPassword); request.AuthenticationLevel = AuthenticationLevel.MutualAuthRequested; HttpWebResponse response = (HttpWebResponse) request.GetResponse(); return false; }Thanks,
David.
Link to comment
Share on other sites
4 answers to this question
Recommended Posts