Hello,
I have been desperately trying to programmatically authenticate a windows
user, create their credentials, and then redirect them to a different server
while passing the credentials at the same time so that they don't have to
login again.
Specifically, I have two webservers in the same domain. When I have a user
go to Webserver A (which uses basic authentication) I programmatically
create either a user credential or impersonate a user context (for now it's
hardcoded, but in the future it would be entered in forms). Then, I want to
let that user access a page on Webserver B (which uses basic
authentication), but I don't want them to have to login again -- rather, I
want to use the user context that I programmatically created on Webserver A.
For instance, here is an example of the code I use to create the user
credentials:
Dim strURI = "http://www.whatever.com"
Dim myCred As New NetworkCredential("userid", "password", "domain")
Dim myURI As New Uri(strURI)
Dim myCache As New CredentialCache
myCache.Add(myURI, "Basic", myCred)
From this, I have attempted to use WebRequests and WebResponses to somehow
allow me to direct the browser to a different page, and use the credential I
have generated. The most I can do, however, is create the request and
receive the response:
Dim myWebRequest As System.Net.WebRequest =
System.Net.WebRequest.Create(strURI)
myWebRequest.Credentials = myCache
Dim myWebResponse As WebResponse = myWebRequest.GetResponse()
If only I could use the response.redirect method, and somehow pass the
credentials with the redirection (like you can with the webrequest), it
could work!
I have also attempted to use the LogonUser API (from the advapi32.dll), and
impersonate a user based on the proper logon information -- this works, and
I'm able to successfully impersonate the user, but again, I don't know how
to pass along the user context to a different page.
I know that many people will say "just use form based authentication," but
this will not work for me, as I want this to work with tools like Outlook
Web Access, which requires windows authentication.
Any help would be greatly appreciated. Thank you!!
Wade
7  2508 
while your only option is to use redirect to http://username:pa******@somesite.com (if using basic), I wouldn't do that
either.
anything else -- can't do.
"Wade Wegner" <ww*******@hotmail.com> wrote in message
news:OU**************@TK2MSFTNGP10.phx.gbl... Hello,
I have been desperately trying to programmatically authenticate a windows
user, create their credentials, and then redirect them to a different
server while passing the credentials at the same time so that they don't have to
login again.
Specifically, I have two webservers in the same domain. When I have a
user go to Webserver A (which uses basic authentication) I programmatically
create either a user credential or impersonate a user context (for now
it's hardcoded, but in the future it would be entered in forms). Then, I want
to let that user access a page on Webserver B (which uses basic
authentication), but I don't want them to have to login again -- rather, I
want to use the user context that I programmatically created on Webserver
A.
For instance, here is an example of the code I use to create the user
credentials:
Dim strURI = "http://www.whatever.com"
Dim myCred As New NetworkCredential("userid", "password", "domain")
Dim myURI As New Uri(strURI)
Dim myCache As New CredentialCache
myCache.Add(myURI, "Basic", myCred)
From this, I have attempted to use WebRequests and WebResponses to somehow
allow me to direct the browser to a different page, and use the credential
I have generated. The most I can do, however, is create the request and
receive the response:
Dim myWebRequest As System.Net.WebRequest =
System.Net.WebRequest.Create(strURI)
myWebRequest.Credentials = myCache
Dim myWebResponse As WebResponse = myWebRequest.GetResponse()
If only I could use the response.redirect method, and somehow pass the
credentials with the redirection (like you can with the webrequest), it
could work!
I have also attempted to use the LogonUser API (from the advapi32.dll),
and impersonate a user based on the proper logon information -- this works,
and I'm able to successfully impersonate the user, but again, I don't know how
to pass along the user context to a different page.
I know that many people will say "just use form based authentication,"
but this will not work for me, as I want this to work with tools like Outlook
Web Access, which requires windows authentication.
Any help would be greatly appreciated. Thank you!!
Wade
if they are your own servers, you could set up a webservice to transfer
session info back and forth...
"Wade Wegner" <ww*******@hotmail.com> wrote in message
news:OU**************@TK2MSFTNGP10.phx.gbl... Hello,
I have been desperately trying to programmatically authenticate a windows
user, create their credentials, and then redirect them to a different
server while passing the credentials at the same time so that they don't have to
login again.
Specifically, I have two webservers in the same domain. When I have a
user go to Webserver A (which uses basic authentication) I programmatically
create either a user credential or impersonate a user context (for now
it's hardcoded, but in the future it would be entered in forms). Then, I want
to let that user access a page on Webserver B (which uses basic
authentication), but I don't want them to have to login again -- rather, I
want to use the user context that I programmatically created on Webserver
A.
For instance, here is an example of the code I use to create the user
credentials:
Dim strURI = "http://www.whatever.com"
Dim myCred As New NetworkCredential("userid", "password", "domain")
Dim myURI As New Uri(strURI)
Dim myCache As New CredentialCache
myCache.Add(myURI, "Basic", myCred)
From this, I have attempted to use WebRequests and WebResponses to somehow
allow me to direct the browser to a different page, and use the credential
I have generated. The most I can do, however, is create the request and
receive the response:
Dim myWebRequest As System.Net.WebRequest =
System.Net.WebRequest.Create(strURI)
myWebRequest.Credentials = myCache
Dim myWebResponse As WebResponse = myWebRequest.GetResponse()
If only I could use the response.redirect method, and somehow pass the
credentials with the redirection (like you can with the webrequest), it
could work!
I have also attempted to use the LogonUser API (from the advapi32.dll),
and impersonate a user based on the proper logon information -- this works,
and I'm able to successfully impersonate the user, but again, I don't know how
to pass along the user context to a different page.
I know that many people will say "just use form based authentication,"
but this will not work for me, as I want this to work with tools like Outlook
Web Access, which requires windows authentication.
Any help would be greatly appreciated. Thank you!!
Wade
Huh!
I never you could do that to pass login information to a site with basic
authentication. Is there a name for that? Something that would allow me to
look it up in MSDN? I wonder what the security considerations are. If used
with SSL, is it safe? Etc.
Thanks for the idea, though ... I'll look into it some more.
Wade
"Rad" <as*******@hot.spam.mail.com> wrote in message
news:hj**********************@twister.southeast.rr .com... while your only option is to use redirect to
http://username:pa******@somesite.com (if using basic), I wouldn't do that
either.
anything else -- can't do.
"Wade Wegner" <ww*******@hotmail.com> wrote in message
news:OU**************@TK2MSFTNGP10.phx.gbl... Hello,
I have been desperately trying to programmatically authenticate a
windows user, create their credentials, and then redirect them to a different server while passing the credentials at the same time so that they don't have
to login again.
Specifically, I have two webservers in the same domain. When I have a
user go to Webserver A (which uses basic authentication) I programmatically
create either a user credential or impersonate a user context (for now
it's hardcoded, but in the future it would be entered in forms). Then, I
want to let that user access a page on Webserver B (which uses basic
authentication), but I don't want them to have to login again -- rather,
I want to use the user context that I programmatically created on
Webserver A.
For instance, here is an example of the code I use to create the user
credentials:
Dim strURI = "http://www.whatever.com"
Dim myCred As New NetworkCredential("userid", "password", "domain")
Dim myURI As New Uri(strURI)
Dim myCache As New CredentialCache
myCache.Add(myURI, "Basic", myCred)
From this, I have attempted to use WebRequests and WebResponses to
somehow allow me to direct the browser to a different page, and use the
credential I have generated. The most I can do, however, is create the request and
receive the response:
Dim myWebRequest As System.Net.WebRequest =
System.Net.WebRequest.Create(strURI)
myWebRequest.Credentials = myCache
Dim myWebResponse As WebResponse = myWebRequest.GetResponse()
If only I could use the response.redirect method, and somehow pass the
credentials with the redirection (like you can with the webrequest), it
could work!
I have also attempted to use the LogonUser API (from the advapi32.dll),
and impersonate a user based on the proper logon information -- this works,
and I'm able to successfully impersonate the user, but again, I don't know
how to pass along the user context to a different page.
I know that many people will say "just use form based authentication,"
but this will not work for me, as I want this to work with tools like
Outlook Web Access, which requires windows authentication.
Any help would be greatly appreciated. Thank you!!
Wade
Okay, as I've been playing with the method you mentioned, I've noted the
following.
If I create a login form, and then programmatically create a URL string, and
then redirect to that URL, it prompts me to login. However, if I register a
vbscript that uses window.location to redirect the user to this script, it
doesn't. Does the response.redirect not work?
For example, this is what I use for the response.redirect:
Dim strURL as string
strURL = "http://" & txtUserID.Text & ":" & txtPassword.Text &
"@mydomain.com"
response.redirect(strURL)
That doesn't work, and it prompts me to login.
However, I can get the following to work fine:
Dim strURL as string
strURL = "http://" & txtUserID.Text & ":" & txtPassword.Text &
"@mydomain.com"
Dim txtScript as new System.Text.StringBuilder
txtScript.Append(vbCr & "<script language=vbscript>")
txtScript.Append(vbCr & "window.location = """ & strURL & """")
txtScript.Append(vbCr & "</script>" & vbCr & vbCr)
Page.RegisterStartupScript("redirect", txtScript.ToString)
When I redirect from the client, this works fine. Additionally, if I simply
type in the address into the browser, it works properly.
Any ideas? Will I have to do this from the client?
Thanks,
Wade
"Rad" <as*******@hot.spam.mail.com> wrote in message
news:hj**********************@twister.southeast.rr .com... while your only option is to use redirect to
http://username:pa******@somesite.com (if using basic), I wouldn't do that
either.
anything else -- can't do.
"Wade Wegner" <ww*******@hotmail.com> wrote in message
news:OU**************@TK2MSFTNGP10.phx.gbl... Hello,
I have been desperately trying to programmatically authenticate a
windows user, create their credentials, and then redirect them to a different server while passing the credentials at the same time so that they don't have
to login again.
Specifically, I have two webservers in the same domain. When I have a
user go to Webserver A (which uses basic authentication) I programmatically
create either a user credential or impersonate a user context (for now
it's hardcoded, but in the future it would be entered in forms). Then, I
want to let that user access a page on Webserver B (which uses basic
authentication), but I don't want them to have to login again -- rather,
I want to use the user context that I programmatically created on
Webserver A.
For instance, here is an example of the code I use to create the user
credentials:
Dim strURI = "http://www.whatever.com"
Dim myCred As New NetworkCredential("userid", "password", "domain")
Dim myURI As New Uri(strURI)
Dim myCache As New CredentialCache
myCache.Add(myURI, "Basic", myCred)
From this, I have attempted to use WebRequests and WebResponses to
somehow allow me to direct the browser to a different page, and use the
credential I have generated. The most I can do, however, is create the request and
receive the response:
Dim myWebRequest As System.Net.WebRequest =
System.Net.WebRequest.Create(strURI)
myWebRequest.Credentials = myCache
Dim myWebResponse As WebResponse = myWebRequest.GetResponse()
If only I could use the response.redirect method, and somehow pass the
credentials with the redirection (like you can with the webrequest), it
could work!
I have also attempted to use the LogonUser API (from the advapi32.dll),
and impersonate a user based on the proper logon information -- this works,
and I'm able to successfully impersonate the user, but again, I don't know
how to pass along the user context to a different page.
I know that many people will say "just use form based authentication,"
but this will not work for me, as I want this to work with tools like
Outlook Web Access, which requires windows authentication.
Any help would be greatly appreciated. Thank you!!
Wade
I don't like this approach (of passing credentials like this) at all.. it's
visible in the address bar.. so I'm not sure this is really a good idea.
it's an HTTP thingie.. so you would want to look at it there.. MSDN may have
it.. but may not...
"Wade Wegner" <ww*******@hotmail.com> wrote in message
news:uU**************@TK2MSFTNGP12.phx.gbl... Okay, as I've been playing with the method you mentioned, I've noted the
following.
If I create a login form, and then programmatically create a URL string,
and then redirect to that URL, it prompts me to login. However, if I register
a vbscript that uses window.location to redirect the user to this script, it
doesn't. Does the response.redirect not work?
For example, this is what I use for the response.redirect:
Dim strURL as string
strURL = "http://" & txtUserID.Text & ":" & txtPassword.Text &
"@mydomain.com"
response.redirect(strURL)
That doesn't work, and it prompts me to login.
However, I can get the following to work fine:
Dim strURL as string
strURL = "http://" & txtUserID.Text & ":" & txtPassword.Text &
"@mydomain.com"
Dim txtScript as new System.Text.StringBuilder
txtScript.Append(vbCr & "<script language=vbscript>")
txtScript.Append(vbCr & "window.location = """ & strURL & """")
txtScript.Append(vbCr & "</script>" & vbCr & vbCr)
Page.RegisterStartupScript("redirect", txtScript.ToString)
When I redirect from the client, this works fine. Additionally, if I
simply type in the address into the browser, it works properly.
Any ideas? Will I have to do this from the client?
Thanks,
Wade
"Rad" <as*******@hot.spam.mail.com> wrote in message
news:hj**********************@twister.southeast.rr .com... while your only option is to use redirect to
http://username:pa******@somesite.com (if using basic), I wouldn't do
that either.
anything else -- can't do.
"Wade Wegner" <ww*******@hotmail.com> wrote in message
news:OU**************@TK2MSFTNGP10.phx.gbl... Hello,
I have been desperately trying to programmatically authenticate a windows user, create their credentials, and then redirect them to a different server while passing the credentials at the same time so that they don't have to login again.
Specifically, I have two webservers in the same domain. When I have a
user go to Webserver A (which uses basic authentication) I programmatically
create either a user credential or impersonate a user context (for now
it's hardcoded, but in the future it would be entered in forms). Then, I want to let that user access a page on Webserver B (which uses basic
authentication), but I don't want them to have to login again --
rather, I want to use the user context that I programmatically created on Webserver A.
For instance, here is an example of the code I use to create the user
credentials:
Dim strURI = "http://www.whatever.com"
Dim myCred As New NetworkCredential("userid", "password",
"domain") Dim myURI As New Uri(strURI)
Dim myCache As New CredentialCache
myCache.Add(myURI, "Basic", myCred)
From this, I have attempted to use WebRequests and WebResponses to
somehow allow me to direct the browser to a different page, and use the credential I have generated. The most I can do, however, is create the request and
receive the response:
Dim myWebRequest As System.Net.WebRequest =
System.Net.WebRequest.Create(strURI)
myWebRequest.Credentials = myCache
Dim myWebResponse As WebResponse = myWebRequest.GetResponse()
If only I could use the response.redirect method, and somehow pass the
credentials with the redirection (like you can with the webrequest),
it could work!
I have also attempted to use the LogonUser API (from the
advapi32.dll), and impersonate a user based on the proper logon information -- this
works, and I'm able to successfully impersonate the user, but again, I don't know
how to pass along the user context to a different page.
I know that many people will say "just use form based authentication,"
but this will not work for me, as I want this to work with tools like Outlook Web Access, which requires windows authentication.
Any help would be greatly appreciated. Thank you!!
Wade
See, I do not experience it displaying in the address bar. I have not been
able to find anything in MSDN concerning this, but I started to think that
all this method does is mimic what basic authentication does -- I mean,
basic authentication is unencrypted, clear text. Is employing this method
any different than using basic authentication? In both cases, obviously, it
would be worthwhile to encrypt using SSL.
I still wish I understood why this solution would not work if redirected
from the server, via response.redirect, but will if it is redirected at the
client. Even if this isn't a good solution, I'd like to know the answer to
that.
"Rad" <as*******@hot.spam.mail.com> wrote in message
news:or***********************@twister.southeast.r r.com... I don't like this approach (of passing credentials like this) at all..
it's visible in the address bar.. so I'm not sure this is really a good idea.
it's an HTTP thingie.. so you would want to look at it there.. MSDN may
have it.. but may not...
"Wade Wegner" <ww*******@hotmail.com> wrote in message
news:uU**************@TK2MSFTNGP12.phx.gbl... Okay, as I've been playing with the method you mentioned, I've noted the
following.
If I create a login form, and then programmatically create a URL string, and then redirect to that URL, it prompts me to login. However, if I
register a vbscript that uses window.location to redirect the user to this script,
it doesn't. Does the response.redirect not work?
For example, this is what I use for the response.redirect:
Dim strURL as string
strURL = "http://" & txtUserID.Text & ":" & txtPassword.Text &
"@mydomain.com"
response.redirect(strURL)
That doesn't work, and it prompts me to login.
However, I can get the following to work fine:
Dim strURL as string
strURL = "http://" & txtUserID.Text & ":" & txtPassword.Text &
"@mydomain.com"
Dim txtScript as new System.Text.StringBuilder
txtScript.Append(vbCr & "<script language=vbscript>")
txtScript.Append(vbCr & "window.location = """ & strURL & """")
txtScript.Append(vbCr & "</script>" & vbCr & vbCr)
Page.RegisterStartupScript("redirect", txtScript.ToString)
When I redirect from the client, this works fine. Additionally, if I
simply type in the address into the browser, it works properly.
Any ideas? Will I have to do this from the client?
Thanks,
Wade
"Rad" <as*******@hot.spam.mail.com> wrote in message
news:hj**********************@twister.southeast.rr .com... while your only option is to use redirect to
http://username:pa******@somesite.com (if using basic), I wouldn't do that either.
anything else -- can't do.
"Wade Wegner" <ww*******@hotmail.com> wrote in message
news:OU**************@TK2MSFTNGP10.phx.gbl...
> Hello,
>
> I have been desperately trying to programmatically authenticate a
windows > user, create their credentials, and then redirect them to a
different server
> while passing the credentials at the same time so that they don't
have to > login again.
>
> Specifically, I have two webservers in the same domain. When I have
a user
> go to Webserver A (which uses basic authentication) I
programmatically > create either a user credential or impersonate a user context (for
now it's
> hardcoded, but in the future it would be entered in forms). Then, I
want to
> let that user access a page on Webserver B (which uses basic
> authentication), but I don't want them to have to login again -- rather, I > want to use the user context that I programmatically created on
Webserver A.
>
> For instance, here is an example of the code I use to create the
user > credentials:
>
> Dim strURI = "http://www.whatever.com"
> Dim myCred As New NetworkCredential("userid", "password",
"domain") > Dim myURI As New Uri(strURI)
> Dim myCache As New CredentialCache
> myCache.Add(myURI, "Basic", myCred)
>
> From this, I have attempted to use WebRequests and WebResponses to
somehow > allow me to direct the browser to a different page, and use the
credential I
> have generated. The most I can do, however, is create the request
and > receive the response:
>
> Dim myWebRequest As System.Net.WebRequest =
> System.Net.WebRequest.Create(strURI)
> myWebRequest.Credentials = myCache
> Dim myWebResponse As WebResponse = myWebRequest.GetResponse()
>
> If only I could use the response.redirect method, and somehow pass
the > credentials with the redirection (like you can with the webrequest), it > could work!
>
> I have also attempted to use the LogonUser API (from the advapi32.dll), and
> impersonate a user based on the proper logon information -- this works, and
> I'm able to successfully impersonate the user, but again, I don't
know how > to pass along the user context to a different page.
>
> I know that many people will say "just use form based
authentication," but
> this will not work for me, as I want this to work with tools like
Outlook > Web Access, which requires windows authentication.
>
> Any help would be greatly appreciated. Thank you!!
>
> Wade
>
>
Look at HTTP specs... see what it says for 302 (that's what
response.redirect really is)...
as I said, all this is http stuff.. so MSDN may not have it (just like they
dont' have http specs there...) you'd probably want to start looking at
w3c's site
"Wade Wegner" <ww*******@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl... See, I do not experience it displaying in the address bar. I have not
been able to find anything in MSDN concerning this, but I started to think that
all this method does is mimic what basic authentication does -- I mean,
basic authentication is unencrypted, clear text. Is employing this method
any different than using basic authentication? In both cases, obviously,
it would be worthwhile to encrypt using SSL.
I still wish I understood why this solution would not work if redirected
from the server, via response.redirect, but will if it is redirected at
the client. Even if this isn't a good solution, I'd like to know the answer
to that.
"Rad" <as*******@hot.spam.mail.com> wrote in message
news:or***********************@twister.southeast.r r.com... I don't like this approach (of passing credentials like this) at all.. it's visible in the address bar.. so I'm not sure this is really a good idea.
it's an HTTP thingie.. so you would want to look at it there.. MSDN may
have it.. but may not...
"Wade Wegner" <ww*******@hotmail.com> wrote in message
news:uU**************@TK2MSFTNGP12.phx.gbl... Okay, as I've been playing with the method you mentioned, I've noted
the following.
If I create a login form, and then programmatically create a URL
string, and then redirect to that URL, it prompts me to login. However, if I register a vbscript that uses window.location to redirect the user to this
script, it doesn't. Does the response.redirect not work?
For example, this is what I use for the response.redirect:
Dim strURL as string
strURL = "http://" & txtUserID.Text & ":" & txtPassword.Text &
"@mydomain.com"
response.redirect(strURL)
That doesn't work, and it prompts me to login.
However, I can get the following to work fine:
Dim strURL as string
strURL = "http://" & txtUserID.Text & ":" & txtPassword.Text &
"@mydomain.com"
Dim txtScript as new System.Text.StringBuilder
txtScript.Append(vbCr & "<script language=vbscript>")
txtScript.Append(vbCr & "window.location = """ & strURL & """")
txtScript.Append(vbCr & "</script>" & vbCr & vbCr)
Page.RegisterStartupScript("redirect", txtScript.ToString)
When I redirect from the client, this works fine. Additionally, if I simply type in the address into the browser, it works properly.
Any ideas? Will I have to do this from the client?
Thanks,
Wade
"Rad" <as*******@hot.spam.mail.com> wrote in message
news:hj**********************@twister.southeast.rr .com...
> while your only option is to use redirect to
> http://username:pa******@somesite.com (if using basic), I wouldn't
do that > either.
>
> anything else -- can't do.
>
>
> "Wade Wegner" <ww*******@hotmail.com> wrote in message
> news:OU**************@TK2MSFTNGP10.phx.gbl...
> > Hello,
> >
> > I have been desperately trying to programmatically authenticate a
windows
> > user, create their credentials, and then redirect them to a different > server
> > while passing the credentials at the same time so that they don't have to
> > login again.
> >
> > Specifically, I have two webservers in the same domain. When I
have a > user
> > go to Webserver A (which uses basic authentication) I programmatically > > create either a user credential or impersonate a user context (for now > it's
> > hardcoded, but in the future it would be entered in forms). Then,
I want
> to
> > let that user access a page on Webserver B (which uses basic
> > authentication), but I don't want them to have to login again --
rather, I
> > want to use the user context that I programmatically created on
Webserver
> A.
> >
> > For instance, here is an example of the code I use to create the
user > > credentials:
> >
> > Dim strURI = "http://www.whatever.com"
> > Dim myCred As New NetworkCredential("userid", "password",
"domain") > > Dim myURI As New Uri(strURI)
> > Dim myCache As New CredentialCache
> > myCache.Add(myURI, "Basic", myCred)
> >
> > From this, I have attempted to use WebRequests and WebResponses to
somehow
> > allow me to direct the browser to a different page, and use the
credential
> I
> > have generated. The most I can do, however, is create the request and > > receive the response:
> >
> > Dim myWebRequest As System.Net.WebRequest =
> > System.Net.WebRequest.Create(strURI)
> > myWebRequest.Credentials = myCache
> > Dim myWebResponse As WebResponse = myWebRequest.GetResponse()
> >
> > If only I could use the response.redirect method, and somehow pass the > > credentials with the redirection (like you can with the
webrequest), it > > could work!
> >
> > I have also attempted to use the LogonUser API (from the
advapi32.dll), > and
> > impersonate a user based on the proper logon information -- this
works, > and
> > I'm able to successfully impersonate the user, but again, I don't
know how
> > to pass along the user context to a different page.
> >
> > I know that many people will say "just use form based authentication," > but
> > this will not work for me, as I want this to work with tools like
Outlook
> > Web Access, which requires windows authentication.
> >
> > Any help would be greatly appreciated. Thank you!!
> >
> > Wade
> >
> >
>
>
This discussion thread is closed Replies have been disabled for this discussion. Similar topics
2 posts
views
Thread by Angelo Vargheese |
last post: by
|
3 posts
views
Thread by Das |
last post: by
|
1 post
views
Thread by jadher |
last post: by
|
3 posts
views
Thread by Patrick.O.Ige |
last post: by
|
5 posts
views
Thread by cdlipfert |
last post: by
|
3 posts
views
Thread by GRB |
last post: by
|
reply
views
Thread by solex |
last post: by
|
6 posts
views
Thread by =?Utf-8?B?UGFyYWcgR2Fpa3dhZA==?= |
last post: by
|
reply
views
Thread by Jesper Lund Stocholm |
last post: by
| | | | | | | | | | | | | | | | | | | |
