HttpWebRequest with NTLM not working...

Posted on 2009-04-27
Last Modified: 2013-11-25
I am trying to make an HttpWebRequest from an ASP.Net page on a server called SV-REQ against another IIS7 server called SV-RES.  As a test I have added an entry to the credential cache for each auth type.  When I set IIS to use Digest, Basic, or Negotiate on SV-REQ the code executes fine and I get a valid response from SV-RES confirming that the user credentials are correct.  

However, when I set IIS to use "Windows Authentication" on SV-RES I get back a 401 error.  Looking at the IIS log files I get a 401.2 followed immediately by a 401.1.  I understand why I am getting the 401.2 but the 401.1 doesn't make sense since my code has credentials for each type and should get the appropriate one.  Setting it to only have a single credential type, or even removing the credential cache altogether and passing the credential direct to the request also do not work.  

Any help here would be greatly appreciated.  Hopefully I am just missing something with the credentials bit...

This is the code on SV-REQ that is being executed.  SV-REQ is IIS7 and is configured for ASP.Net 2.0  

1            Dim credCache As CredentialCache = New CredentialCache()
2            Dim mUri As Uri = New Uri("")
3            Dim mreq As HttpWebRequest = WebRequest.Create(mUri.ToString)
4            credCache.Add(mUri, "NTLM", New NetworkCredential(muser, mpass, mdomain))
5            credCache.Add(mUri, "Negotiate", New NetworkCredential(muser, mpass, mdomain))
6            credCache.Add(mUri, "Basic", New NetworkCredential(muser, mpass, mdomain))
7            credCache.Add(mUri, "Digest", New NetworkCredential(muser, mpass, mdomain))
8            mreq.Credentials = credCache
9            Dim mres As HttpWebResponse = mreq.GetResponse

Here is the error I get back from SV-RES from the above code.  SV-RES is also IIS7 configured for ASP.Net 2.0

The remote server returned an error: (401) Unauthorized.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Net.WebException: The remote server returned an error: (401) Unauthorized.

Source Error:

Line 31:         credCache.Add(mUri, "Digest", New NetworkCredential(muser, mpass, mdomain))
Line 32:         mreq.Credentials = credCache
Line 33:         Dim mres As HttpWebResponse = mreq.GetResponse
Line 34:         Dim sr As StreamReader = New StreamReader(mres.GetResponseStream())
Line 35:         txtResult.Text = sr.ReadToEnd()

Source File: C:\inetpub\httproot\contentscan.aspx.vb    Line: 33

Stack Trace:

[WebException: The remote server returned an error: (401) Unauthorized.]
   System.Net.HttpWebRequest.GetResponse() +1126
   contentscan.Page_Load(Object sender, EventArgs e) in C:\inetpub\httproot\contentscan.aspx.vb:33
   System.Web.UI.Control.OnLoad(EventArgs e) +132
   System.Web.UI.Control.LoadRecursive() +66
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2428

Question by:lordicarus
    LVL 14

    Expert Comment

    Are you using Proxy Server for data communication?
    LVL 2

    Author Comment

    No proxy.  What you see in the code above is all.  This seems to be an issue where the request is using the account under and not the one I am specifying in the credential cache.  Doesn't make sense.
    LVL 2

    Accepted Solution

    Looks like it is related to this.... I am havent had a chance to test, but this seems to be the resolution.  Wanted to share with anyone else looking to solve the same problem.
    LVL 2

    Author Comment

    I did some digging and it looks like my last post was the resolution.  I have gone into depth and posted the code I was using for this issue.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    A quick way to get a menu to work on our website, is using the Menu control and assign it to a web.sitemap using SiteMapDataSource. Example of web.sitemap file: (CODE) Sample code to add to the page menu: (CODE) Running the application, we wi…
    It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
    This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA.…
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now