Programmatic access to a password protected web page.

I can reach a https web page only if I provide my user id and password (credentials) -- please see the attached image. I do it with my fingers, the credentials being used are the same that I use for my LAN access. I want to be able to send (as simple as possible, i.e. minimal) Request and get Response from this same page from inside my C# code. I want to get the entire text of this response, including its HTTP headers. The code need not contain either user ID or password. It should be able to "say" something like "Use my current security context credentials".
This code is not a prolem
             HttpWebRequest request = (HttpWebRequest)WebRequest.Create(...);
             HttpWebResponse response = (HttpWebResponse)request.GetResponse();
This one is:
             request.Credentials =

...Please?
             
-.bmp
LVL 1
midfdeAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

grayeCommented:
Are you in control of this web site.... and are able to change the authentication method being used?
0
midfdeAuthor Commented:
No, I am not.
0
grayeCommented:
OK, then that means you'll have to have the "clear text" password of the current user....  and that's just not possible without prompting the user.

Sorry...
0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

midfdeAuthor Commented:
Thanks, graye. ? "Not possible" is very easy to say though. Could you please hint at something convincing? With references?
0
grayeCommented:
Well, that's the way the security system works for Windows... the clear text password is not stored anywhere on the PC.   Instead, a hash is created and sent to the Domain Controler... the DC checks the hash using the same algorithm to see if they match.  If they match a security token is created and sent back to the client.  It's the token that is stored on the PC.

So, since it's never stored anywhere, you can't write a program to retrieve it.   So, you're only real choice is to ask the user to provide the password, then you encrypt it via code and store it somewhere safe.  Then when the user uses your app to get to the web site, you'd decrypt it and send it along.  Quite frankly, that's not really an approach that many folks (including myself) would endorse...

I can't find a quick user authentication article...

0
midfdeAuthor Commented:
'graye. ? "Not'  ->  'graye.  "Not',
Sorry.
0
midfdeAuthor Commented:
>>"...you can't write a program to retrieve it."
Sure, I could not expect or desire I could. All I want is to be able to say "Trust me because I am a user on your LAN that is logged in, and you know this user." This is something similar to "Windows Authentication" in SQL Server (please see the attached image).

This is not just a web site that I am talking about. This is "our" in some respects web site that "knows" about my account. To clarify what I mean consider this scenario. I log on to my LAN with "itsme", "p1" credentials. I go to the Web site in question. I must provide the same "itsme", "p1" credentials. I work with this (SharePoint) site and quit the browser.
Next, I change my LAN password to "P2", I go to the same web page. Now it only accepts my "itsme", "P2" credentials. Thus it "knows" me. ["Single password" policy is essentially violated here.]
-.bmp
0
grayeCommented:
Yes, what you're describing is actually considered the "best practice" in web scenarios such as this.   However, to adopt this approach, you need to make the change AT THE WEB SERVER.... not at the local client PCs.

That's why I asked if you had control over the web site...  If you did, it'd be a trival task to change the authentication method (or prompt for the security token)
0
midfdeAuthor Commented:
Please describe actions on both IIS ("trivial" -- see attached image) and in C# client code (request.Credentials = ...) sides of this communication. I can implement it on my workstation development IIS / MSVS environment, and then, well, negotiate the issue with admins of our QA and production servers.
Any solutions, compromising security (like "basic authentication") are not worth considering in this context.
-.bmp
0
grayeCommented:
Well, just about all you have to do is turn on "Integrated Windows Authentication" (just as you've done) and turn off "Anonymous access". Then configure your browser to put that web site in the Local or Trusted zone.  An easy way to temporarily use the "Local" zone is to use the NetBIOS name of the server instead of the internet name of the server in the URL (such as http://mysite instead of http://www.mysite.com).

After that, you might have to "prime the pump" to force the browser to "refresh" its credentials from the OS (otherwise, in some rare cases it will still prompt the user).  This is typically done with few simple lines of code, something like this:

If Request("REMOTE_USER") = "" Then
    Response.Status = "401 Unauthorized"
End If

Again, after this is done, there's no need to pass any credentials at all in your application... the browser will automagically take care of all of that.
0
midfdeAuthor Commented:
>>configure your browser
What (of 4 that I have on my computer) browser? I am trying to access the aforementioned web page from, well,.. let's say "Console Application" written in C#, remember?
0
grayeCommented:
Yeah, but the same security zones that apply to the browser (OK... Internet Explorer) also apply to applications using HTTP protocols
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
midfdeAuthor Commented:
Than you for your patience graye.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Development

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.