3

I am having difficulties authenticating a HttpWebRequest to a webserver. The response I am receiving is simply a 401. I've made sure I set the credentials correctly on the C# side, and IIS is correctly set to allow NTLM authentication. I don't know if this matters, but he computer is not on the same domain as the the web server.

I am sure the user/pass is correct but are there any other authorization settings needed to configure on the user?

If I enable Basic authentication, and disable Windows Authentication, the request works perfectly (with the correct C# code changes of course).

What am I missing?

    webRequest.UseDefaultCredentials = false;
    webRequest.PreAuthenticate = true;
    var c = new NetworkCredential("User", "password", "domain");

    CredentialCache credentialCache = new CredentialCache();
    credentialCache.Add(new Uri(Url), "NTLM", c);
    webRequest.Credentials = credentialCache;

Heres a snapshot of my settings in IIS.

IIS Authentication Configuration

Failed Request Tracing:

Tracing Error Log

cgatian
  • 22,047
  • 9
  • 56
  • 76

2 Answers2

1

With the help of a colleague, we were able to determine something was wrong in the way Windows was dealing with the authentication. Looks like a setting in the Local Security was wrong. Changing Local Policies > Security Options > Network access: Sharing and security model for local accounts from Guest only - local users authenticate as Guest to Classic fixed the problem.

enter image description here

cgatian
  • 22,047
  • 9
  • 56
  • 76
0

What is the value of the credential cache lines, 

CredentialCache credentialCache = new CredentialCache();
credentialCache.Add(new Uri(Url), "NTLM", c);

why not simply set 

webRequest.Credentials = c;

401.2 likely means that either that web server you are connecting to is not enabled to use NTLM (which it seems to be according to your screenshot), or that there is a proxy between your client and the web server

Ben Robinson
  • 21,601
  • 5
  • 62
  • 79
  • Yes you could do that. Either does the same. – cgatian Feb 13 '12 at 16:19
  • I am making the request over a VPN, could that be issue? – cgatian Feb 13 '12 at 16:21
  • It could be the issue yes, it depends on many things, but yeah it could be messing with the NTLM challenge/response mechanism. Can you test the code from inside the network to see if that makes any difference. – Ben Robinson Feb 13 '12 at 16:29