• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 6965
  • Last Modified:

Generate an ICredentials object from HttpContext.Current

I have a Solution with two Web Applications.  A page (pageA) in Web Applications A needs to display the content from a page (pageB) in Web Application B.  I set up this up as so:

public class pageA : System.Web.UI.Page
{
protected override Page_Load(object sender,EventArgs e)
{
System.Net.WebClient client = new WebClient();
Stream htmlStream = client.OpenRead("http://localhost/WebApplicationB/pageB.aspx");
Response.Write(new StreamReader(htmlStream).ReadToEnd());
}
}

Everything works fine if WebApplicationB is set up in IIS for anonymous access.  However, I need to set up the site to use Basic Authentication.  When WebApplicationB requires authentication, my code above will throw a WebException saying a 401 unauthorized HTML status code was returned.  This is to be expected as my WebClient object isn't passing any credentials.

If I modify the code as so:
System.Net.WebClient client = new WebClient();
client.Credentials = new NetworkCredential("validUserName","validPassword");

Everything is happy again.  

However, I don't want to hard code a username / password and I don't want to store it in a web.config or other settings file.  Since my WebApplicationA is using the same authentication as WebApplicationB is there a way to get the Identity of the user making the request to WebApplicatioA\PageA and use that to build a NetworkCrendential or ICredentials object?  

In other words,

System.Net.WebClient client = new WebClient();
client.Credentials = (NetworkCredential)HttpContext.Current.Request.User;

Thanks,

PJ
0
ppittle
Asked:
ppittle
2 Solutions
 
dunglaCommented:
You should use the DefaultCredentials,which are the credentials of the currently logged on user. To do this, set the UseDefaultCredentials property to true instead of setting this property.
0
 
carlnorrbomCommented:
Hi,
I agree with dungla. Because a straight forward implementation of actually retrieving the password for the logged in user would mean to either put some on-the-fly decryption mechanism or storing the passwords in plain text. You also need to allow for password retrieval. See attached code snippets for that type of implementation.
/Carl.

Code-behind:
 
protected override void OnLoad(System.EventArgs e) 
{ 
    System.Net.WebClient client = new System.Net.WebClient(); 
    if (User.Identity.IsAuthenticated) { 
        MembershipUser u = Membership.GetUser(User.Identity.Name); 
        client.Credentials = new Net.NetworkCredential(u.UserName.ToString(), u.GetPassword("PasswordQuestionAnswer")); 
    } 
    Stream htmlStream = client.OpenRead("http://localhost/WebApplicationB/pageB.aspx"); 
    Response.Write(new StreamReader(htmlStream).ReadToEnd()); 
} 
 
Web.Config:
 
  <membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="15" hashAlgorithmType="">
    <providers>
      <clear />
      <add connectionStringName="LocalSqlServer" enablePasswordRetrieval="true" enablePasswordReset="true"
      requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Clear"
      maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1"
      passwordAttemptWindow="10" passwordStrengthRegularExpression="" name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </membership>

Open in new window

0
 
ppittleAuthor Commented:
Thanks!!  Guess I should have RTFM before posting the question =p
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now