C# Tips: Accessing a Site Protected by Integrated Windows Authentication from an Application

zhaozj, 2021-02-17

Problem

Anyone who builds web applications knows that a web site can either allow users anonymous access, or disallow anonymous access and force every request to be authenticated.

The options for Anonymous Access and Authenticated Access are visible under the directory's Properties / Directory Security. Authenticated access itself comes in several forms: Basic, Digest, and the well-known integrated Windows authentication, which should really be called Challenge/Response.

When authenticated access is selected, any request that does not authenticate is rejected by the server with a 401 (unauthenticated) error. When you access the web site through IE, the browser does a lot of work for you, especially in integrated Windows mode, where the user is already logged on and the whole process feels completely transparent. But how does an application send a request to a site that requires authenticated access? This is our problem.

Cause

Under .NET we usually use System.Net.HttpWebRequest / HttpWebResponse to perform HTTP operations. The more important of the two is HttpWebRequest, which the client uses to send the request.

Normally, we create a request like this:

    oRequest = (System.Net.HttpWebRequest)WebRequest.Create(uri);
    if (oRequest != null)
    {
        // send request
        oRequest.ProtocolVersion = HttpVersion.Version11;
        oRequest.Method = "GET";
        oResponse = (System.Net.HttpWebResponse)oRequest.GetResponse();
    }

This code works without any problems against a site that allows anonymous access, but once the site turns anonymous access off, it receives the 401 error mentioned above, because we have not specified the user identity with which to access the site.

Solution

The HttpWebRequest class has a Credentials property, which holds the authentication information.

If you want to use the authentication information of the current login user, you can assign it:

    oRequest.Credentials = CredentialCache.DefaultCredentials;

CredentialCache.DefaultCredentials holds the authentication information of the context the application is running in. You cannot read the user name, password, or logon domain from it (they are all empty strings), but it does carry the currently logged-on user's information. This is a Windows protection mechanism.

If you want to use a specified user's identity, you must provide username, password, and domain name:

    oCredential = new NetworkCredential(sUser, sPwd, sDomain);
    oRequest.Credentials = oCredential.GetCredential(new Uri(uri), String.Empty);

The authentication type can be specified in the GetCredential method, for example "Basic" or "NTLM". For the exact meaning of the parameters, see MSDN.

Complete example

    oRequest = (System.Net.HttpWebRequest)WebRequest.Create(uri);
    if (oRequest != null)
    {
        // send request
        oRequest.ProtocolVersion = HttpVersion.Version11;
        oRequest.Method = "GET";
        if (sUser != String.Empty)
        {
            // explicit account: user name, password and domain supplied by the caller
            oCredential = new NetworkCredential(sUser, sPwd, sDomain);
            oRequest.Credentials = oCredential.GetCredential(new Uri(uri), String.Empty);
        }
        else
        {
            // no account given: use the currently logged-on user
            oRequest.Credentials = CredentialCache.DefaultCredentials;
        }
        oResponse = (System.Net.HttpWebResponse)oRequest.GetResponse();
    }

This way, whether you use the currently logged-on user or a user for whom you supply an account and password, you can access resources on the web site just as in the normal case. Of course, if you supply a wrong user name or password, don't come to me.

In .NET it is that simple; that is all there is to it.

What does IE do?

I looked into what IE does when it visits a site that requires authentication.

When the server is set to integrated Windows authentication and the user requests a protected resource through IE, the server returns a 401 error code together with a WWW-Authenticate HTTP header. After IE receives this header, it passes the current user name, machine name, and domain name to the server, and the server again responds with a 401 error code and a WWW-Authenticate header. IE then transforms the password and sends it to the server again. Authentication is not complete until this second exchange has finished.

If the user currently logged on to Windows does not have permission to access the resource on the server, IE pops up a dialog box asking the user to enter a user name, password, and domain name, and repeats the above process. If the user enters wrong information three times, IE gives up and tells you "unauthorized".

As you can see, IE does quite a lot. If we want to write a better client program, we need to take these issues into account as well.
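One way to take these points into account in a client, as an added example that is not code from the original post: the credential is released only to one site and only for the Negotiate/NTLM schemes through a CredentialCache, and a final 401 is reported together with the WWW-Authenticate schemes the server offered. The class and method names and the intranet.example URL are hypothetical placeholders.

```csharp
using System;
using System.IO;
using System.Net;

static class AuthenticatedFetch   // hypothetical name, for illustration only
{
    // Release the credential only to URIs under `prefix`, and only when the
    // server challenges with Negotiate or NTLM. "Basic" is deliberately not
    // registered, because Basic sends the password in recoverable form.
    static CredentialCache ScopedCredentials(Uri prefix, NetworkCredential cred)
    {
        var cache = new CredentialCache();
        cache.Add(prefix, "Negotiate", cred);
        cache.Add(prefix, "NTLM", cred);
        return cache;
    }

    static string Fetch(Uri uri, NetworkCredential cred)
    {
        var request = (HttpWebRequest)WebRequest.Create(uri);
        request.Method = "GET";
        var site = new Uri(uri.GetLeftPart(UriPartial.Authority));
        request.Credentials = ScopedCredentials(site, cred);
        try
        {
            using (var response = (HttpWebResponse)request.GetResponse())
            using (var reader = new StreamReader(response.GetResponseStream()))
                return reader.ReadToEnd();
        }
        catch (WebException ex)
        {
            // A 401 that survives the handshake means the credential was
            // rejected or the server offers no scheme we registered.
            var failed = ex.Response as HttpWebResponse;
            if (failed == null || failed.StatusCode != HttpStatusCode.Unauthorized)
                throw;
            string[] offered = failed.Headers.GetValues("WWW-Authenticate") ?? new string[0];
            throw new UnauthorizedAccessException(
                "401 from " + uri.Host + "; server offers: " + string.Join(", ", offered), ex);
        }
    }

    static void Main(string[] args)
    {
        // Placeholder URL (assumption); pass the real protected URL as the first argument.
        var uri = new Uri(args.Length > 0 ? args[0] : "http://intranet.example/protected/");
        // Current logged-on user, as with CredentialCache.DefaultCredentials above.
        Console.WriteLine(Fetch(uri, CredentialCache.DefaultNetworkCredentials));
    }
}
```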

Reference documentation

A. HttpWebRequest class (http://msdn.microsoft.com/library/en-us/cpref/html/frlrfsystemnetttpwebrequestClasstopic.asp)

B. CredentialCache class (http://msdn.microsoft.com/library/en-us/cpref/html/frlrfsystemnetcredentialcacheclasstopic.asp)

C. NetworkCredential class (http://msdn.microsoft.com/library/en-us/cpref/html/frlrfsystemnetNetWorkcredentialClasstopic.asp)

When reposting, please cite the original address: https://www.9cbs.com/read-29999.html
