Bypassing windows credentials programmatically

Posted on 2004-08-27
Last Modified: 2012-08-14
Good day. I have a page in WebApplication1 that redirects the users to WebApplication2 (restricted as Integrated Windows Authentication in IIS). As a result, windows prompts the user for credentials. What I would like to happen is that if WebApplication2 will be accessed through WebApplication1, it will not prompt for user credentials (e.g. automatically supply a valid credentials programmatically) else, it will prompt the user for credentials. Is this possible? If it is, could you give me a sample? Thanks in advance.
Question by:Marjorin
  • 3
  • 2
LVL 10

Expert Comment

ID: 11924180
Here is an idea, but I am not sure how well it will work.

In the page in WebApplication1 from which you want to navigate to WebApplication2, place this code (matbe in a button click event):

WebRequest req = HttpWebRequest.Create("{the url for the secured app}");
req.Method = "GET";
req.Credential = new NetworkCredential("username", "password");
WebResponse resp = req.GetResponse();
Stream rs = resp.GetResponseStream();
StreamReader sr = new StreamReader(rs);

The only problem with this sort of thing is that the page in WebApplication1 is basically replaced in the browser with the page from the
secured app.  So if the the secured app, say am IMG tab refers to "Images/someimg.gif" it will try to load that from WebApplication1, not
WebApplication2, so a lot of the secured app target page might not show up right.

Give it a shot and see if doesn't get you thinking in a direction that will accomplish what you're trying to do.

LVL 10

Expert Comment

ID: 11924184
Good grief my typing stinks...  I meant to say "an IMG tag"...


Author Comment

ID: 11986803
I tested your suggestion with two simple applications and it worked fine. However, when I tried it with my WebApplication 1 and 2, it generates a client-side error and the page had been rendered 3 times. I really doesn't have time to debugged it yet. If you're familiar with MSS Reporting Services, my WebApplication2 is the ReportServer.

Other solutions or possible work-around will be greatly appreciated. Thanks.
LVL 10

Accepted Solution

jnhorst earned 100 total points
ID: 11986912
That is not surprising...  When you write a stream to the browser from one page to another you may be writing HTML that assumes client-side resources will be in a certain place on WebApplication2 when in fact the context is still WebApplication1.  As an example, let's say your page in WebApplication2 writes HTML that makes use of a javascript library file (e.g. somefile.js) that is referred to by a relative path like Scripts/somefile.js.  The script block written to the browser would be:

<script language="javascript" src="Scripts/somefile.js"></script>

But since you are executing a Resopnse.Write from WebApplication1, WebAPplication1 is still the context for resolving relative paths, and that Scripts folder and/or the file containing javascript functions may not exist in WebApplication1, and thus you will get client side errors.

Here's a thought, though, with respect to what you are doing (navigating to Reporting Services).  I have worked a little with Reporting Services (more by way of creating and deploying reports, nothing more in depth than that), so I do not know how well this will work, or even if it is possible.  Obviously, the Reporting Services has an aspx page that is used to render reports.  If you can inherit from that page, and add code to restrict access to the page by way of the referring url (see the Request.UrlReferrer uri class for various properties to get this info), then you could make the Reporting Services website accessible without authentication.  The page that inherits from the regaulr Reporting Services page would be the one you would navigate to, and you would kick out any Request that did not come from an approved referring page.

The only restriction this would place on your WebApplication1 is that you would not be able to do Response.Redirect() from code to WebApplication2.  When you navigate with Response.Redirect, Request.UrlReferrer does not contain any info.  You would have to use either regular hyperlinks (<a href="..."></a>), the HyperLink or LInkButton server controls (both render the <a> tag to the browser).  Again, I have no idea if this is even possible or how well it would work in your situation, but it may get you thinking along a profitable path.

Good luck.


Author Comment

ID: 11993188
Well, I guess I have to learn how Reporting Services renders a report so that I can manipulate its security aspects. I also posted this question a month ago to RS Forums but to no avail.

Thanks for the inputs ... I'll see what I can do or cannot do ...

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

One of the pain points with developing AJAX, JavaScript, JQuery, and other client-side behaviors is that JavaScript doesn’t allow for cross domain request for pulling content. For example, JavaScript code on could not pull conte…
Problem Hi all,    While many today have fast Internet connection, there are many still who do not, or are connecting through devices with a slower connect, so light web pages and fast load times are still popular.    If your ASP.NET page …
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now