Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
720 views
in Technique[技术] by (71.8m points)

iis - System.Net.WebClient doesn't work with Windows Authentication

I am trying to use System.Net.WebClient in a WinForms application to upload a file to an IIS6 server which has Windows Authentication as it only 'Authentication' method.

WebClient myWebClient = new WebClient();
myWebClient.Credentials = new System.Net.NetworkCredential(@"boxnamepeter", "mypassword"); 
byte[] responseArray = myWebClient.UploadFile("http://localhost/upload.aspx", fileName);

I get a 'The remote server returned an error: (401) Unauthorized', actually it is a 401.2

Both client and IIS are on the same Windows Server 2003 Dev machine.

When I try to open the page in Firefox and enter the same correct credentials as in the code, the page comes up. However when using IE8, I get the same 401.2 error.

Tried Chrome and Opera and they both work.

I have 'Enable Integrated Windows Authentication' enabled in the IE Internet options.

The Security Event Log has a Failure Audit:

Logon Failure:
    Reason:     An error occurred during logon
    User Name:  peter
    Domain:     boxname
    Logon Type: 3
    Logon Process:  èù?
    Authentication Package: NTLM
    Workstation Name:   boxname
    Status code:    0xC000006D
    Substatus code: 0x0
    Caller User Name:   -
    Caller Domain:  -
    Caller Logon ID:    -
    Caller Process ID:  -
    Transited Services: -
    Source Network Address: 127.0.0.1
    Source Port:    1476

I used Process Monitor and Fiddler to investigate but to no avail.

Why would this work for 3rd party browsers but not with IE or System.Net.WebClient?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

I have seen a similar issue, where the Integrated / NTLM security will only work if you are accessing the host by machine name or localhost. In fact, it is a [poorly] document feature in Windows that is designed to protect against "reflection attacks".

Basically, you need to create a registry key on the machine that is trying to access the server, and whitelist the domain you are trying to hit. Each host name / FQDN needs to be on it's own line - there are no wildcards and the name must match exactly. From the KB Article:

  • Click Start, click Run, type regedit, and then click OK.
  • In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
  • Right-click MSV1_0, point to New, and then click Multi-String Value.
  • Type BackConnectionHostNames, and then press ENTER.
  • Right-click BackConnectionHostNames, and then click Modify.
  • In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
  • Exit Registry Editor, and then restart the computer.

http://support.microsoft.com/kb/956158/en-us


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...