Bypassing windows credentials programmatically

Good day. I have a page in WebApplication1 that redirects the users to WebApplication2 (restricted as Integrated Windows Authentication in IIS). As a result, windows prompts the user for credentials. What I would like to happen is that if WebApplication2 will be accessed through WebApplication1, it will not prompt for user credentials (e.g. automatically supply a valid credentials programmatically) else, it will prompt the user for credentials. Is this possible? If it is, could you give me a sample? Thanks in advance.
Who is Participating?
jnhorstConnect With a Mentor Commented:
That is not surprising...  When you write a stream to the browser from one page to another you may be writing HTML that assumes client-side resources will be in a certain place on WebApplication2 when in fact the context is still WebApplication1.  As an example, let's say your page in WebApplication2 writes HTML that makes use of a javascript library file (e.g. somefile.js) that is referred to by a relative path like Scripts/somefile.js.  The script block written to the browser would be:

<script language="javascript" src="Scripts/somefile.js"></script>

But since you are executing a Resopnse.Write from WebApplication1, WebAPplication1 is still the context for resolving relative paths, and that Scripts folder and/or the file containing javascript functions may not exist in WebApplication1, and thus you will get client side errors.

Here's a thought, though, with respect to what you are doing (navigating to Reporting Services).  I have worked a little with Reporting Services (more by way of creating and deploying reports, nothing more in depth than that), so I do not know how well this will work, or even if it is possible.  Obviously, the Reporting Services has an aspx page that is used to render reports.  If you can inherit from that page, and add code to restrict access to the page by way of the referring url (see the Request.UrlReferrer uri class for various properties to get this info), then you could make the Reporting Services website accessible without authentication.  The page that inherits from the regaulr Reporting Services page would be the one you would navigate to, and you would kick out any Request that did not come from an approved referring page.

The only restriction this would place on your WebApplication1 is that you would not be able to do Response.Redirect() from code to WebApplication2.  When you navigate with Response.Redirect, Request.UrlReferrer does not contain any info.  You would have to use either regular hyperlinks (<a href="..."></a>), the HyperLink or LInkButton server controls (both render the <a> tag to the browser).  Again, I have no idea if this is even possible or how well it would work in your situation, but it may get you thinking along a profitable path.

Good luck.

Here is an idea, but I am not sure how well it will work.

In the page in WebApplication1 from which you want to navigate to WebApplication2, place this code (matbe in a button click event):

WebRequest req = HttpWebRequest.Create("{the url for the secured app}");
req.Method = "GET";
req.Credential = new NetworkCredential("username", "password");
WebResponse resp = req.GetResponse();
Stream rs = resp.GetResponseStream();
StreamReader sr = new StreamReader(rs);

The only problem with this sort of thing is that the page in WebApplication1 is basically replaced in the browser with the page from the
secured app.  So if the the secured app, say am IMG tab refers to "Images/someimg.gif" it will try to load that from WebApplication1, not
WebApplication2, so a lot of the secured app target page might not show up right.

Give it a shot and see if doesn't get you thinking in a direction that will accomplish what you're trying to do.

Good grief my typing stinks...  I meant to say "an IMG tag"...

MarjorinAuthor Commented:
I tested your suggestion with two simple applications and it worked fine. However, when I tried it with my WebApplication 1 and 2, it generates a client-side error and the page had been rendered 3 times. I really doesn't have time to debugged it yet. If you're familiar with MSS Reporting Services, my WebApplication2 is the ReportServer.

Other solutions or possible work-around will be greatly appreciated. Thanks.
MarjorinAuthor Commented:
Well, I guess I have to learn how Reporting Services renders a report so that I can manipulate its security aspects. I also posted this question a month ago to RS Forums but to no avail.

Thanks for the inputs ... I'll see what I can do or cannot do ...
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.