HttpListener windows authentication fails for domain account

I have a very simple console app using an HttpListener to listen for incoming
HTTP requests (see code below). My client and server machines are both in an
ADS domain and I'm logged into both using my domain account. The server app
is running as admin on an XPSP2 box. If I set authentication to Anonymous or
Basic, I can get requests. If I change to IntegratedWindowsAuthentication,
however, IE on the client prompts me for credentials. I can get through using
an account on the server, but I really want it to just authenticate me as the
domain account I'm logged in on the client. I can do a secure TCP remoting
call between machines as well as use Windows Auth for an IIS web share. This
should work no problem, so am I missing some simple config setting?

// Requires: using System.Net;
HttpListener listen = new HttpListener();
listen.Prefixes.Add("http://*:8111/");
listen.AuthenticationSchemes =
    AuthenticationSchemes.IntegratedWindowsAuthentication;
listen.Start();
// Blocks until a single request arrives
HttpListenerContext ctx = listen.GetContext();
// The response object was never declared in the snippet as posted
HttpListenerResponse resp = ctx.Response;

byte[] buffer = System.Text.Encoding.UTF8.GetBytes(
    "<HTML><BODY> Success</BODY></HTML>");

resp.ContentLength64 = buffer.Length;
resp.OutputStream.Write(buffer, 0, buffer.Length);
resp.OutputStream.Close();
listen.Stop();
Feb 3 '06 #1
Hi David,

Welcome to the MSDN newsgroup.

As for the HttpListener class, when used with the integrated Windows or
Negotiate authentication schemes, the client and server will try to use a
secure authentication that both sides support, and for 2000 or later,
Kerberos authentication may be chosen. I think it is likely that some
problem occurs when the client and server machines try to determine the
authentication scheme and perform the authentication communication, which
happens ahead of our code. Have you tried using the fixed NTLM authentication
scheme? Based on my test, using the fixed NTLM authentication works
correctly. In addition, I'll perform some further research on the
"IntegratedWindows" or "Negotiate" ones to see whether there is any
existing problem with them. I'll update you soon.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
Feb 6 '06 #2
In response to your suggestion, I tried AuthenticationSchemes.Ntlm and it let
me connect and gave me an authenticated WindowsIdentity. This is good news.
However, I was under the impression that IntegratedWinAuth or Negotiate would
both be smart enough to use NTLM if that was all the client and server could
agree on. To get another data point, I looked at the Identity I get on the
server when I do remoting over a secure TCP channel. In that experiment, the
server thread has a WindowsIdentity that's authenticated using NTLM. If the
remoting channel can figure it out, why can't the HttpListener? I also wonder
why .NET 2.0 is using NTLM when my environment is supposed to be ADS and
Kerberos, but that's probably beyond the scope of this post.
Feb 6 '06 #3
Hi David,

Thanks for your response.

After some discussion with our dev guys, we've found the point that causes
the problem behavior in our scenario. As I mentioned in the previous message,
for IntegratedWindowsAuthentication or Negotiate mode, the client and
server will choose the most secure authentication protocol, and for 2000 or
later versions of Windows, Kerberos will be used. However, performing
Kerberos authentication requires the server application (in our case, the
HttpListener's hosting application) to be able to gain the machine credential.
However, since our own console or WinForms application always runs under our
own logon user, it cannot do so. Therefore, if you want to use
HttpListener configured as IntegratedWindows or Negotiate, we need to
make the host application run under the Network Service account (Local
System is also OK), and generally this is only available if our application
is a service application (which is configured in the service controller, where
it can be specified to use the Network Service or Local System account).

In addition, if we use the NTLM authentication protocol, there is no such
requirement.

Regards,

Steven Cheng
Microsoft Online Support

believe you're running your app under your own account. With Negotiate or
Integrated, your client will attempt Kerberos auth and this will fail to
gain machine credentials unless you run your app as NetworkService.
Feb 7 '06 #4
Thank you for the response. Your answer was quite helpful.
Feb 7 '06 #5
You're welcome David,

Regards,

Steven Cheng
Microsoft Online Support

Feb 9 '06 #6
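
To compare the cases discussed in this thread, the following added example (not code from any poster) starts an HttpListener with the scheme named on the command line and prints, for each request, the account the host process runs under and the authentication type reported for the caller. The class name AuthProbe and the command-line handling are assumptions made for illustration; port 8111 is taken from the original post.

```csharp
using System;
using System.Net;
using System.Security.Principal;
using System.Text;

// Hypothetical diagnostic host, e.g.: AuthProbe.exe Negotiate   or   AuthProbe.exe Ntlm
class AuthProbe
{
    static void Main(string[] args)
    {
        // Scheme to offer; defaults to the one from the original post.
        string name = args.Length > 0 ? args[0] : "IntegratedWindowsAuthentication";
        AuthenticationSchemes scheme =
            (AuthenticationSchemes)Enum.Parse(typeof(AuthenticationSchemes), name, true);

        // The thread ties the Negotiate failure to the account hosting the listener,
        // so record it next to every result.
        string host = WindowsIdentity.GetCurrent().Name;
        Console.WriteLine("Host account: {0}, offering: {1}", host, scheme);

        using (HttpListener listener = new HttpListener())
        {
            listener.Prefixes.Add("http://*:8111/");
            listener.AuthenticationSchemes = scheme;
            listener.Start();

            while (true)
            {
                // GetContext returns only after the handshake for the offered scheme
                // has succeeded; failed attempts never reach this code.
                HttpListenerContext ctx = listener.GetContext();
                IIdentity id = ctx.User != null ? ctx.User.Identity : null;

                // AuthenticationType is the value post #3 inspected on the remoting
                // identity; it shows which protocol actually authenticated the caller.
                Console.WriteLine("{0:u} caller={1} authType={2} authenticated={3}",
                    DateTime.UtcNow,
                    id != null ? id.Name : "(none)",
                    id != null ? id.AuthenticationType : "(none)",
                    id != null && id.IsAuthenticated);

                byte[] body = Encoding.UTF8.GetBytes("Authenticated");
                ctx.Response.ContentType = "text/plain; charset=utf-8";
                ctx.Response.ContentLength64 = body.Length;
                ctx.Response.OutputStream.Write(body, 0, body.Length);
                ctx.Response.OutputStream.Close();
            }
        }
    }
}
```

Running it once under a logon account and once as a service under Network Service, with the same scheme, gives a side-by-side record of the behavior described in post #4.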
