1

I have to implement the following scenario: ASP .NET webapp 1. User logs in 2. With the logged in user's credentials I have to download some files from a Sharepoint site;

Environment: - Right now the web.config is set to impersonation on, and windows auth. on, but also have to work with basic authentication - I use a System.Net.WebClient to download Sharepoint files using the Sharepoint site's web services, and this WebClient needs a Credential object, that's why I need the NetworkCredential object.

P.S: CredentialCache.DefaultCredentials and CredentialCache.DefaultNetworkCredentials returns a credential with empty username and pw, so I cannot use it for acccessing the Sharpeoint site. It is also not suitable to get System.Security.Principal.WindowsIdentity.GetCurrent() or System.Web.HttpContext.Current.User.Identity, because i can get only a username this way, and for instantiating a NetworkCredential I need a uname and pw.

user1307533
  • 169
  • 2
  • 3
  • 10
  • How are you determining that the credentials are empty? The MSDN docs for `DefaultCredentials` state "The ICredentials instance returned by DefaultCredentials cannot be used to view the user name, password, or domain of the current security context." – Aquila Sands Oct 07 '13 at 12:10
  • 1
    Well, during debugging I see an empty string in the username and password field. Although based on your comment this is normal, whey I try to connect the Sharepoint site with that default credential, and I get unathorized exception, so it's obvious that the credential is not the logged in user's credential, because the logged in user can access the Sharepoint site. – user1307533 Oct 07 '13 at 13:31
  • An idea: since i can get the logged in user's identity through the System.Security.Princial.WindowsIdentity.GetCurrent(), are there any ways to connect to a Sharepoint site's web services using an impersonation context? I mean using WindowsIdentity.Impersonate(). – user1307533 Oct 07 '13 at 13:45
  • 2
    You may be running into the double hop issue see [IIS, Windows Authentication and the Double Hop issue](http://weblogs.asp.net/owscott/archive/2008/08/22/iis-windows-authentication-and-the-double-hop-issue.aspx) for details. If this is the case then you will need to impersonate the credentials, this [SO post Impersonation and NetworkCredential](http://stackoverflow.com/questions/2063408/impersonation-and-networkcredential) may help with that. – Aquila Sands Oct 07 '13 at 17:35

2 Answers2

4

FYI, I think I've managed to solve the issue; I'm using an impersonation context, and I use the CredentialCache.DefaultNetworkCredentials, and I set the WebClient's UseDefaultCredentials to true, and this seems to be working so far. So:

WindowsIdentity identity = System.Security.Principal.WindowsIdentity.GetCurrent();
using (identity.Impersonate())
{
    webClient.Credentials = CredentialCache.DefaultNetworkCredentials;
    webClient.UseDefaultCredentials = true;
}

This worked for me.

Vincent
  • 1,459
  • 15
  • 37
user1307533
  • 169
  • 2
  • 3
  • 10
1

You can try to use Forms authentication, if possible for your scenario, and send .ASPXAUTH cookie along with request to that file, see this answer:

How do I authenticate a WebClient request?

EDIT Make sure you have this in web.config in order to windows authentication work correctly:

<system.web>

    <authentication mode="Windows" />

     <authorization>
         <deny users="?"/>
      </authorization>

</system.web>

Community
  • 1
  • 1
Robert
  • 3,276
  • 1
  • 17
  • 26
  • Hi, thanks for the answer, that'll be useful in environments where forms auth. is configured, but it also have work with Windows Auth. So you say there's no way to connect to a sharepoint site from an application with the logged in user when the user is already authenticated himself?? If that's true, I must say that I h8 M$.. – user1307533 Oct 06 '13 at 20:23
  • Well, another thing is, that NetworkCredentials object return empty values in debug mode, so you, as the developer don't see them, but they correct ones are passed once in release. Could this be your case? – Robert Oct 07 '13 at 06:47
  • "Could this be your case?" I don't know, but I'll check it. – user1307533 Oct 07 '13 at 07:46
  • With release build, and no debugger attached, the DefaultNetworkCredentials are still empty :( – user1307533 Oct 07 '13 at 10:09
  • My web.config looks like this: But DefaultCredentials and DefaultNetworkCredentials does not work. – user1307533 Oct 07 '13 at 11:32
  • Well at least what I can say is that is redundant – Robert Oct 07 '13 at 11:38