locked
connecting to remote site with API using Windows authentication passively RRS feed

  • Question

  • User-2125781192 posted

    hi guys as topic says im in need with a project to find a way to connect to a remote server like http://cdn.col.dk/getdata.asmx

    but it gives a windows authentication login box but i need to do this with out user intervention and i know there is way using http://user:pw@cdn.col.dk/getdata.asmx

    but that would make it visible in the HTML code and very less secure. is there not a way to protect API site from external use and so only the webserver can use the API im looking for alternative for the above.

    or is there a way i can pass the credentials with out the user knowing and seeing.

    thanks regards jens

    Thursday, May 8, 2014 2:45 AM

Answers

  • User-902516579 posted

    Hi,

    You might want to check out OAuth: http://www.asp.net/mvc/tutorials/mvc-5/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on

    If the client is already logged into the domain with IWA credentials, then they will be passed to the server if configured to require them.

    You do not want to pass the credentials in the URL.

    You might  try placing a simple INDEX.HTML into the same directory as the ASMX, enable IWA (disable Anonymous) and see if you get the challenge response.  If you do then either the client did not pass them or the server did not like what it received.

    As long as the client and server are in the same domain or different domains where a trust exists between them, then IWA will work without prompting for credentials, if configured correctly.

    HTH, Benjamin

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, May 8, 2014 8:33 AM