locked
407 Proxy Authentication Required

    Question

  •  

    Hi All,

    We currently have an old Win32 (unmanaged) app out there written in VB 6.0. This is a shareware app that has been around for a couple of years and has been downloaded by a number of users all over the world. This application talks to a managed DLL (a proxy of sorts), which communicates with a Web service. In other words, the managed DLL is really a proxy for the VB client to communicate with the Web service. The Web service is running on our central server and requires SSL in order to communicate.

    The VB client talks to the .NET proxy, which in turn sends all the information to our server. Any response received from the server is formatted appropriately by the proxy and made available to the VB app. That's all COM InterOp magic and all works fine.

    Everything works fine in most environments. However, in larger corporate environments which typically have proxy servers that require authentication to connect to the Internet, the call fails and clients report the error -- 407 Proxy Authentication Required. In other words, clients that access the Web thru a proxy server are unable to communicate with our Web service.

    I have been reading posts about deriving the proxy setting from IE and using a Proxy-Authentication header to send that out to the proxy server. Is this likely to work? If not what would be the workaround for this issue?

    More importantly, for me, since I have never actually worked with these objects, a code sample illustrating how to do this would tremendously appreciated.

    An important note: the managed solution is implemented using .NET 1.1, not 2.0.

    TIA,

    Pat

    Friday, March 03, 2006 6:53 PM

Answers

  • You shouldn't have to add the credentials to the headers yourself.  You would use the HttpWebRequest.Credentials property to add credentials (this same property exits on the WebProxy object also - everything here applies to proxies also). 

    In the world of HttpWebRequest authentication, there are two types of credentials that you need to be aware of: 1) Default Credentials (credentials used to log onto the computer) and 2) explicit credentials.

    For DefaultCredentials you can use something like this:
        HttpWebRequest.Credentials = CredentialCache.DefaultCredentials;

    For Explicit credentials, you have two choices:
    1) Add the credentials directly to the request
        HttpWebRequest.Credentials = new NetworkCredential(user,pass, domain);

    2) Add the credentials to a collection of credentials (advanced level of control)
        CredentialCache credList = new CredentialCache();
        credList.Add(uri,authType,new NetworkCredential(user,pass,domain));

     In the case of the second example, you are controlling the type of authentication that is allowed (ntlm, kerberos, negotiate, basic, digest). and the Url that the credentials are associated with.

    In the case of a corporate network, the credentials that are probably needed are the Default Credentials, but is going to depend on the settings for that proxy server.  The type of authentication required by the proxy server will depend on the proxy server configuration as well.  You may need to implement some type of configuration file scheme that allows the user to specify whether or not to send explicit/default credentials to the proxy server. 

    I hope this helps.

    Wednesday, March 08, 2006 8:42 PM

All replies

  • Yes, you will need to send credentials to the proxy via HTTP headers.  The version of the framework should not be important in this case as it is up to the implementation of the proxy whether it recognizes and honours the proxy auth header or not.

    These are set for you when you set the Credentials property on the request

    Friday, March 03, 2006 7:54 PM
  • Mike,

    Thanks for your reply. How do I go about sending the credentials via HTTP headers in code? Remember, our application is a generic client that will be installed in a number of different environments, some with a proxy server (such as a large corporation) and some without (home user). In this case, how do I get the application to automatically detect proxy settings? I would love to know if (and how) I can leverage IE auto-detect capabilities in code.

    I guess if I can find an answer to both of the above questions (and learn how to auto-detect proxy settings), I should be able to do what is needed to make the app work in various environments.

    Thanks!

    Pat

    Wednesday, March 08, 2006 6:54 PM
  • You shouldn't have to add the credentials to the headers yourself.  You would use the HttpWebRequest.Credentials property to add credentials (this same property exits on the WebProxy object also - everything here applies to proxies also). 

    In the world of HttpWebRequest authentication, there are two types of credentials that you need to be aware of: 1) Default Credentials (credentials used to log onto the computer) and 2) explicit credentials.

    For DefaultCredentials you can use something like this:
        HttpWebRequest.Credentials = CredentialCache.DefaultCredentials;

    For Explicit credentials, you have two choices:
    1) Add the credentials directly to the request
        HttpWebRequest.Credentials = new NetworkCredential(user,pass, domain);

    2) Add the credentials to a collection of credentials (advanced level of control)
        CredentialCache credList = new CredentialCache();
        credList.Add(uri,authType,new NetworkCredential(user,pass,domain));

     In the case of the second example, you are controlling the type of authentication that is allowed (ntlm, kerberos, negotiate, basic, digest). and the Url that the credentials are associated with.

    In the case of a corporate network, the credentials that are probably needed are the Default Credentials, but is going to depend on the settings for that proxy server.  The type of authentication required by the proxy server will depend on the proxy server configuration as well.  You may need to implement some type of configuration file scheme that allows the user to specify whether or not to send explicit/default credentials to the proxy server. 

    I hope this helps.

    Wednesday, March 08, 2006 8:42 PM
  • One more thought...

    If you need to know the "authType" to pass into the CredentialCache when adding a credential to the list, you issue a request to the server or proxy and look at the response headers.  

    A simple explanation of the traffic that occurs between client and server for http authentication can be found on my blog at http://blogs.msdn.com/joncole/archive/2005/11/09/491009.aspx

     

    Wednesday, March 08, 2006 8:45 PM