Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Generate an ICredentials object from HttpContext.Current

Posted on 2009-05-12
3
Medium Priority
?
6,766 Views
Last Modified: 2012-05-06
I have a Solution with two Web Applications.  A page (pageA) in Web Applications A needs to display the content from a page (pageB) in Web Application B.  I set up this up as so:

public class pageA : System.Web.UI.Page
{
protected override Page_Load(object sender,EventArgs e)
{
System.Net.WebClient client = new WebClient();
Stream htmlStream = client.OpenRead("http://localhost/WebApplicationB/pageB.aspx");
Response.Write(new StreamReader(htmlStream).ReadToEnd());
}
}

Everything works fine if WebApplicationB is set up in IIS for anonymous access.  However, I need to set up the site to use Basic Authentication.  When WebApplicationB requires authentication, my code above will throw a WebException saying a 401 unauthorized HTML status code was returned.  This is to be expected as my WebClient object isn't passing any credentials.

If I modify the code as so:
System.Net.WebClient client = new WebClient();
client.Credentials = new NetworkCredential("validUserName","validPassword");

Everything is happy again.  

However, I don't want to hard code a username / password and I don't want to store it in a web.config or other settings file.  Since my WebApplicationA is using the same authentication as WebApplicationB is there a way to get the Identity of the user making the request to WebApplicatioA\PageA and use that to build a NetworkCrendential or ICredentials object?  

In other words,

System.Net.WebClient client = new WebClient();
client.Credentials = (NetworkCredential)HttpContext.Current.Request.User;

Thanks,

PJ
0
Comment
Question by:ppittle
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 13

Accepted Solution

by:
dungla earned 1600 total points
ID: 24372343
You should use the DefaultCredentials,which are the credentials of the currently logged on user. To do this, set the UseDefaultCredentials property to true instead of setting this property.
0
 
LVL 18

Assisted Solution

by:carlnorrbom
carlnorrbom earned 400 total points
ID: 24372444
Hi,
I agree with dungla. Because a straight forward implementation of actually retrieving the password for the logged in user would mean to either put some on-the-fly decryption mechanism or storing the passwords in plain text. You also need to allow for password retrieval. See attached code snippets for that type of implementation.
/Carl.

Code-behind:
 
protected override void OnLoad(System.EventArgs e) 
{ 
    System.Net.WebClient client = new System.Net.WebClient(); 
    if (User.Identity.IsAuthenticated) { 
        MembershipUser u = Membership.GetUser(User.Identity.Name); 
        client.Credentials = new Net.NetworkCredential(u.UserName.ToString(), u.GetPassword("PasswordQuestionAnswer")); 
    } 
    Stream htmlStream = client.OpenRead("http://localhost/WebApplicationB/pageB.aspx"); 
    Response.Write(new StreamReader(htmlStream).ReadToEnd()); 
} 
 
Web.Config:
 
  <membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="15" hashAlgorithmType="">
    <providers>
      <clear />
      <add connectionStringName="LocalSqlServer" enablePasswordRetrieval="true" enablePasswordReset="true"
      requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Clear"
      maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1"
      passwordAttemptWindow="10" passwordStrengthRegularExpression="" name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </membership>

Open in new window

0
 
LVL 8

Author Closing Comment

by:ppittle
ID: 31580593
Thanks!!  Guess I should have RTFM before posting the question =p
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We all know that functional code is the leg that any good program stands on when it comes right down to it, however, if your program lacks a good user interface your product may not have the appeal needed to keep your customers happy. This issue can…
User art_snob (http://www.experts-exchange.com/M_6114203.html) encountered strange behavior of Android Web browser on his Mobile Web site. It took a while to find the true cause. It happens so, that the Android Web browser (at least up to OS ver. 2.…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question