Solved

Bypassing windows credentials programmatically

Posted on 2004-08-27
5
836 Views
Last Modified: 2012-08-14
Good day. I have a page in WebApplication1 that redirects the users to WebApplication2 (restricted as Integrated Windows Authentication in IIS). As a result, windows prompts the user for credentials. What I would like to happen is that if WebApplication2 will be accessed through WebApplication1, it will not prompt for user credentials (e.g. automatically supply a valid credentials programmatically) else, it will prompt the user for credentials. Is this possible? If it is, could you give me a sample? Thanks in advance.
0
Comment
Question by:Marjorin
  • 3
  • 2
5 Comments
 
LVL 10

Expert Comment

by:jnhorst
Comment Utility
Here is an idea, but I am not sure how well it will work.

In the page in WebApplication1 from which you want to navigate to WebApplication2, place this code (matbe in a button click event):

WebRequest req = HttpWebRequest.Create("{the url for the secured app}");
req.Method = "GET";
req.Credential = new NetworkCredential("username", "password");
WebResponse resp = req.GetResponse();
Stream rs = resp.GetResponseStream();
StreamReader sr = new StreamReader(rs);
Response.Write(sr.ReadToEnd());

The only problem with this sort of thing is that the page in WebApplication1 is basically replaced in the browser with the page from the
secured app.  So if the the secured app, say am IMG tab refers to "Images/someimg.gif" it will try to load that from WebApplication1, not
WebApplication2, so a lot of the secured app target page might not show up right.

Give it a shot and see if doesn't get you thinking in a direction that will accomplish what you're trying to do.

John
0
 
LVL 10

Expert Comment

by:jnhorst
Comment Utility
Good grief my typing stinks...  I meant to say "an IMG tag"...

John
0
 

Author Comment

by:Marjorin
Comment Utility
I tested your suggestion with two simple applications and it worked fine. However, when I tried it with my WebApplication 1 and 2, it generates a client-side error and the page had been rendered 3 times. I really doesn't have time to debugged it yet. If you're familiar with MSS Reporting Services, my WebApplication2 is the ReportServer.

Other solutions or possible work-around will be greatly appreciated. Thanks.
0
 
LVL 10

Accepted Solution

by:
jnhorst earned 100 total points
Comment Utility
That is not surprising...  When you write a stream to the browser from one page to another you may be writing HTML that assumes client-side resources will be in a certain place on WebApplication2 when in fact the context is still WebApplication1.  As an example, let's say your page in WebApplication2 writes HTML that makes use of a javascript library file (e.g. somefile.js) that is referred to by a relative path like Scripts/somefile.js.  The script block written to the browser would be:

<script language="javascript" src="Scripts/somefile.js"></script>

But since you are executing a Resopnse.Write from WebApplication1, WebAPplication1 is still the context for resolving relative paths, and that Scripts folder and/or the file containing javascript functions may not exist in WebApplication1, and thus you will get client side errors.

Here's a thought, though, with respect to what you are doing (navigating to Reporting Services).  I have worked a little with Reporting Services (more by way of creating and deploying reports, nothing more in depth than that), so I do not know how well this will work, or even if it is possible.  Obviously, the Reporting Services has an aspx page that is used to render reports.  If you can inherit from that page, and add code to restrict access to the page by way of the referring url (see the Request.UrlReferrer uri class for various properties to get this info), then you could make the Reporting Services website accessible without authentication.  The page that inherits from the regaulr Reporting Services page would be the one you would navigate to, and you would kick out any Request that did not come from an approved referring page.

The only restriction this would place on your WebApplication1 is that you would not be able to do Response.Redirect() from code to WebApplication2.  When you navigate with Response.Redirect, Request.UrlReferrer does not contain any info.  You would have to use either regular hyperlinks (<a href="..."></a>), the HyperLink or LInkButton server controls (both render the <a> tag to the browser).  Again, I have no idea if this is even possible or how well it would work in your situation, but it may get you thinking along a profitable path.

Good luck.

John
0
 

Author Comment

by:Marjorin
Comment Utility
Well, I guess I have to learn how Reporting Services renders a report so that I can manipulate its security aspects. I also posted this question a month ago to RS Forums but to no avail.

Thanks for the inputs ... I'll see what I can do or cannot do ...
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

ASP.Net to Oracle Connectivity Recently I had to develop an ASP.NET application connecting to an Oracle database.As I am doing it first time ,I had to solve several problems. This article will help to such developers  to develop an ASP.NET client…
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now