Bypassing windows credentials programmatically

Posted on 2004-08-27
Last Modified: 2012-08-14
Good day. I have a page in WebApplication1 that redirects the users to WebApplication2 (restricted as Integrated Windows Authentication in IIS). As a result, windows prompts the user for credentials. What I would like to happen is that if WebApplication2 will be accessed through WebApplication1, it will not prompt for user credentials (e.g. automatically supply a valid credentials programmatically) else, it will prompt the user for credentials. Is this possible? If it is, could you give me a sample? Thanks in advance.
Question by:Marjorin
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 10

Expert Comment

ID: 11924180
Here is an idea, but I am not sure how well it will work.

In the page in WebApplication1 from which you want to navigate to WebApplication2, place this code (matbe in a button click event):

WebRequest req = HttpWebRequest.Create("{the url for the secured app}");
req.Method = "GET";
req.Credential = new NetworkCredential("username", "password");
WebResponse resp = req.GetResponse();
Stream rs = resp.GetResponseStream();
StreamReader sr = new StreamReader(rs);

The only problem with this sort of thing is that the page in WebApplication1 is basically replaced in the browser with the page from the
secured app.  So if the the secured app, say am IMG tab refers to "Images/someimg.gif" it will try to load that from WebApplication1, not
WebApplication2, so a lot of the secured app target page might not show up right.

Give it a shot and see if doesn't get you thinking in a direction that will accomplish what you're trying to do.

LVL 10

Expert Comment

ID: 11924184
Good grief my typing stinks...  I meant to say "an IMG tag"...


Author Comment

ID: 11986803
I tested your suggestion with two simple applications and it worked fine. However, when I tried it with my WebApplication 1 and 2, it generates a client-side error and the page had been rendered 3 times. I really doesn't have time to debugged it yet. If you're familiar with MSS Reporting Services, my WebApplication2 is the ReportServer.

Other solutions or possible work-around will be greatly appreciated. Thanks.
LVL 10

Accepted Solution

jnhorst earned 100 total points
ID: 11986912
That is not surprising...  When you write a stream to the browser from one page to another you may be writing HTML that assumes client-side resources will be in a certain place on WebApplication2 when in fact the context is still WebApplication1.  As an example, let's say your page in WebApplication2 writes HTML that makes use of a javascript library file (e.g. somefile.js) that is referred to by a relative path like Scripts/somefile.js.  The script block written to the browser would be:

<script language="javascript" src="Scripts/somefile.js"></script>

But since you are executing a Resopnse.Write from WebApplication1, WebAPplication1 is still the context for resolving relative paths, and that Scripts folder and/or the file containing javascript functions may not exist in WebApplication1, and thus you will get client side errors.

Here's a thought, though, with respect to what you are doing (navigating to Reporting Services).  I have worked a little with Reporting Services (more by way of creating and deploying reports, nothing more in depth than that), so I do not know how well this will work, or even if it is possible.  Obviously, the Reporting Services has an aspx page that is used to render reports.  If you can inherit from that page, and add code to restrict access to the page by way of the referring url (see the Request.UrlReferrer uri class for various properties to get this info), then you could make the Reporting Services website accessible without authentication.  The page that inherits from the regaulr Reporting Services page would be the one you would navigate to, and you would kick out any Request that did not come from an approved referring page.

The only restriction this would place on your WebApplication1 is that you would not be able to do Response.Redirect() from code to WebApplication2.  When you navigate with Response.Redirect, Request.UrlReferrer does not contain any info.  You would have to use either regular hyperlinks (<a href="..."></a>), the HyperLink or LInkButton server controls (both render the <a> tag to the browser).  Again, I have no idea if this is even possible or how well it would work in your situation, but it may get you thinking along a profitable path.

Good luck.


Author Comment

ID: 11993188
Well, I guess I have to learn how Reporting Services renders a report so that I can manipulate its security aspects. I also posted this question a month ago to RS Forums but to no avail.

Thanks for the inputs ... I'll see what I can do or cannot do ...

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today is the age of broadband.  More and more people are going this route determined to experience the web and it’s multitude of services as quickly and painlessly as possible. Coupled with the move to broadband, people are experiencing the web via …
ASP.Net to Oracle Connectivity Recently I had to develop an ASP.NET application connecting to an Oracle database.As I am doing it first time ,I had to solve several problems. This article will help to such developers  to develop an ASP.NET client…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question