I have an ASP.NET MVC app. It is hosted on Windows Server 2012 R2 joined to an AD domain.

The operating regime requires an HTTP proxy and credentials. When using a browser, the logged-in credentials of the (human) domain user are applied transparently.

My ASP.NET app uses HttpWebRequest. Although the documentation says it would use the proxy as set in Internet Explorer, it does not appear to be doing so. So I assign the proxy manually and set UseDefaultCredentials to true, which, the documentation says, means the credentials of the "currently logged on user" will be used. But the response came back with:

The remote server returned an error: (407) Proxy Authentication Required.

Under IIS Authentication settings, I already have enabled ASP.NET Impersonation: <identity impersonate="true" />. (Is this the right thing to do?) How do I find out the identity of the process that is used to make the HttpWebRequest?

Or what must I do to use the credentials of the logged in domain user using my app to access the proxy?

Old Geezer
  • (You are about to build an anonymizing proxy. Make sure you are OK with that.) Search terms - "NTLM one-hop-hell", "c# revert to process impersonation asp.net". – Alexei Levenkov Feb 02 '19 at 03:57
  • I don't think I want to anonymize anything. I want to use the logged in user's credentials to access the proxy, if he has the rights. This sounds like the opposite of anonymizing. It is the same as impersonating the web app user to access a file resource on the web server. I didn't realize it would be that complex. – Old Geezer Feb 02 '19 at 04:08
  • I did not say you "want to anonymize"; it's just that accessing a proxy under a hardcoded (process's) identity would normally be considered "anonymization". Yes, it is the same as "access a file resource", if you ever did that for files that are not local to the web server but on some other file share. If you did not, that would be a "fun" exercise... – Alexei Levenkov Feb 02 '19 at 04:14
  • Actually I want the opposite of hardcoded identity. I want to use the user's identity, so whether he can access depends on his rights. It's dynamic rather than hardcoded. – Old Geezer Feb 02 '19 at 04:17
  • So does everyone else :)... Let me know if the search terms I suggested did not provide enough info and I'll try to find a good duplicate (also related: https://stackoverflow.com/questions/1402852/application-pool-identity-in-iis-and-integrated-security-to-sql-server?rq=1 may be a good read) – Alexei Levenkov Feb 02 '19 at 06:15
  • Thanks for your help. Constrained Delegation in the answer to the SO post seems to be the thing that is needed, and I would have to go back to the enterprise admin. I would think what I need is a rather common scenario used by "everyone else", and hence surprised Google turned up nothing relevant. – Old Geezer Feb 02 '19 at 07:23
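
A diagnostic sketch for the question "how do I find out the identity used to make the HttpWebRequest", added here as an example and not code from the post or its comments. It assumes .NET Framework (ASP.NET with `<identity impersonate="true" />`); the class name `ProxyIdentityProbe` and the `proxyUri` and `targetUrl` parameters are hypothetical and supplied by the caller.

```csharp
using System;
using System.Net;
using System.Security.Principal;

public static class ProxyIdentityProbe   // hypothetical helper name
{
    // Describes the Windows identity the current thread presents for
    // integrated (NTLM/Kerberos) authentication.
    public static string DescribeCurrentIdentity()
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            // Impersonation: usable for access checks on this server only.
            // Delegation: may be used to authenticate to a remote host.
            return string.Format("{0} (auth={1}, level={2})",
                id.Name, id.AuthenticationType, id.ImpersonationLevel);
        }
    }

    // proxyUri and targetUrl are caller-supplied placeholders.
    public static string Probe(Uri proxyUri, string targetUrl)
    {
        string thread = DescribeCurrentIdentity();
        string process;
        // Temporarily revert to the application pool (process) identity;
        // disposing the context restores the impersonated user.
        using (WindowsIdentity.Impersonate(IntPtr.Zero))
        {
            process = DescribeCurrentIdentity();
        }

        var request = (HttpWebRequest)WebRequest.Create(targetUrl);
        request.Proxy = new WebProxy(proxyUri) { UseDefaultCredentials = true };
        string outcome;
        try
        {
            using (var response = (HttpWebResponse)request.GetResponse())
                outcome = ((int)response.StatusCode).ToString();
        }
        catch (WebException ex)
        {
            var r = ex.Response as HttpWebResponse;
            outcome = (r != null && r.StatusCode == HttpStatusCode.ProxyAuthenticationRequired)
                ? "407: proxy did not accept the credentials sent"
                : ex.Status.ToString();
        }
        return "thread=" + thread + "; process=" + process + "; result=" + outcome;
    }
}
```

Calling `Probe` from a controller action and logging the result shows whether the request thread runs as the domain user or as the application pool account, and whether that user's token is at `Impersonation` or `Delegation` level when the 407 occurs.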

1 Answer

I think you may refer to this answer on another question right here. I think it's exactly related to your question.