Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

HTTPWebRequest returns "(407) Proxy Authentication Required" in  PreAuthenticate

Posted on 2011-03-25
3
Medium Priority
?
3,534 Views
Last Modified: 2012-05-11
Hi All,
We have an already deployed .NET app that PreAuthenticates HttpWebRequest as below:
 
webRequest = (HttpWebRequest)HttpWebRequest.Create(address);
webRequest.Credentials = myCreds;
webRequest.PreAuthenticate = true;
webRequest.Method = "HEAD";
webRequest.Timeout = 10000;
webRequest.AllowWriteStreamBuffering = true;	
#region Proxy settings
WebProxy proxy = new WebProxy(proxyAddress, proxyPort);
proxy.Credentials = new NetworkCredential(cm.FirewallUser, cm.FirewallPassword);
webRequest.Proxy = proxy;
proxy.Credentials = NetworkCredential("domain\\user", "password")
webRequest.Proxy = proxy;
webResponse = (HttpWebResponse)webRequest.GetResponse();

Open in new window


as you can see I specify the proxy user as "domain\\user" since the proxy server does active directory authentication. However, preAuthentication fails with this error:

The remote server returned an error: (407) Proxy Authentication Required

I know the NetworkCredential(username, password, domain) constructor should be used to properly specify the domain name. But, the application is already deployed and I cannot make any changes to it. Does anyone know why supplying the domain name with the user name (i.e. domain\user) does not work? the customer reported that the username/password is not being supply to the proxy server which is strange since the application is setting the proxy credentials

any help?
0
Comment
Question by:hamid441
  • 3
3 Comments
 
LVL 75

Expert Comment

by:käµfm³d 👽
ID: 35220766
The constructor for NetworkCredential is overloaded to take three parameters:
new NetworkCredential("username", "password", "domain");

Open in new window

0
 
LVL 75

Expert Comment

by:käµfm³d 👽
ID: 35220768
Nevermind...   I missed that part in your post.
0
 
LVL 75

Accepted Solution

by:
käµfm³d   👽 earned 2000 total points
ID: 35220818
Looking at that assembly in Reflector, it appears as though username is, at some point, concatenated with the value of domain (separated by a \ ). Even if you were to leave the domain off, or set it to empty string, the "\" is still being inserted, so what you would end up with internally is something like:

    \username

which AD doesn't like.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
A new hacking trick has emerged leveraging your own helpdesk or support ticketing tools as an easy way to distribute malware.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

876 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question