How does NetworkCredential in C# works when assigned to a HttpRequest object?

Question

I want to know how NetworkCredentials are passed over an http request. Do they get passed as HTTPHeaders, RequestData or there is something else that carries the information.

I tried creating a sample app and checked the fiddler logs. I don't see it being added as HTTPHeader so what carries that information.

Here is the sample code I tried:

HttpWebRequest request = (HttpWebRequest)WebRequest.Create("http://gmail.com");
request.Method = "GET";
request.ContentType = "application/json";
request.UserAgent = "Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0";
request.Credentials = new NetworkCredential("TestUser", "Password-1");

Depends on the type of authentication you request. `Credentials` is just the placeholder for the credentials. What kind of authentication do you want to perform? — Panagiotis Kanavos, May 02 '17 at 13:58
BTW *Gmail* doesn't use usernames and passwords. You have to authenticate to *google* first using OAuth — Panagiotis Kanavos, May 02 '17 at 14:00

score 0 · Answer 1 · answered May 02 '17 at 13:54

From the following MSDN page;

Supported authentication schemes include Digest, Negotiate, Kerberos, NTLM, and Basic. https://msdn.microsoft.com/en-us/library/system.net.httpwebrequest.credentials(v=vs.110).aspx

So it will depend, usually I guess it will pick the most secure and available method... However it also says;

To restrict HttpWebRequest to one or more authentication methods, use the CredentialCache class and bind your credentials to one or more authentication schemes

So if you wished it to be used as headers I suppose you could restrict it to only using Basic authentication using the CredentialCache object;

https://msdn.microsoft.com/en-us/library/system.net.credentialcache(v=vs.110).aspx

How does NetworkCredential in C# works when assigned to a HttpRequest object?

1 Answers1