{"id":1956,"date":"2022-08-30T15:20:51","date_gmt":"2022-08-30T15:20:51","guid":{"rendered":"https:\/\/unknownerror.org\/index.php\/2013\/12\/05\/httpwebrequest-over-https-with-ntlm-not-working-collection-of-common-programming-errors\/"},"modified":"2022-08-30T15:20:51","modified_gmt":"2022-08-30T15:20:51","slug":"httpwebrequest-over-https-with-ntlm-not-working-collection-of-common-programming-errors","status":"publish","type":"post","link":"https:\/\/unknownerror.org\/index.php\/2022\/08\/30\/httpwebrequest-over-https-with-ntlm-not-working-collection-of-common-programming-errors\/","title":{"rendered":"HttpWebRequest over HTTPS with NTLM not working-Collection of common programming errors"},"content":{"rendered":"

I am trying to make an HttpWebRequest from an ASP.Net page on a server called SV-REQ against another IIS7 server called SV-RES. When I set IIS on SV-RES to use Digest, Basic, or Negotiate and make the change to the credential cache object to use the appropriate method, the code executes fine and I get a valid response from SV-RES confirming that the user credentials are correct. However, when I set IIS to use “Windows Authentication” on SV-RES I get back a 401 error when using NTLM in the credential cache object.<\/p>\n

I am really at a loss and would appreciate if anyone has information for how to make this work.<\/p>\n

Note: The server where this code is being executed is running under anonymous authentication over HTTP. The server getting the request is NTLM (as previously stated) over HTTPS as can be seen in the code below.<\/p>\n

This is the code on SV-REQ that is being executed. SV-REQ is IIS7 and is configured for ASP.Net 2.0<\/p>\n

Dim credCache As CredentialCache = New CredentialCache()\nDim mUri As Uri = New Uri(\"https:\/\/sv-res.my-domain-here.com\/default.htm\")\nDim mreq As HttpWebRequest = WebRequest.Create(mUri.ToString)\ncredCache.Add(mUri, \"NTLM\", New NetworkCredential(muser, mpass, mdomain))\nmreq.Credentials = credCache\nDim mres As HttpWebResponse = mreq.GetResponse\n<\/code><\/pre>\n
Here is the error I get back from SV-RES from the above code. SV-RES is also IIS7 configured for ASP.Net 2.0<\/p>\n
\nThe remote server returned an error: (401) Unauthorized. \nDescription: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. \n\nException Details: System.Net.WebException: The remote server returned an error: (401) Unauthorized.\n\nSource Error: \n\n\nLine 31:         credCache.Add(mUri, \"NTLM\", New NetworkCredential(muser, mpass, mdomain))\nLine 32:         mreq.Credentials = credCache\nLine 33:         Dim mres As HttpWebResponse = mreq.GetResponse\nLine 34:         Dim sr As StreamReader = New StreamReader(mres.GetResponseStream())\nLine 35:         txtResult.Text = sr.ReadToEnd()\n\n\n\nSource File: C:\\inetpub\\httproot\\contentscan.aspx.vb    Line: 33 \n\nStack Trace: \n\n\n[WebException: The remote server returned an error: (401) Unauthorized.]\n   System.Net.HttpWebRequest.GetResponse() +1126\n   contentscan.Page_Load(Object sender, EventArgs e) in C:\\inetpub\\httproot\\contentscan.aspx.vb:33\n   System.Web.UI.Control.OnLoad(EventArgs e) +132\n   System.Web.UI.Control.LoadRecursive() +66\n   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2428\n<\/pre>\n
    \n
  1. \n
    Well after quite a bit of investigation I have found the problem here. Looks like it is related to a security update that doesn’t really get talked about very often and as such I have written up a post about it over on my site: http:\/\/www.tinyint.com\/index.php\/2009\/08\/24\/401-error-on-httpwebrequest-with-ntlm-authentication\/<\/p>\n
    The short of it though is that the security update patches a vulnerability in SMB and part of this involves a loopback check on the hostname when doing authentication requests. If you leave this loopback check enabled, you have to enter your hostname in the registry to be able to properly authenticate.<\/p>\n<\/li>\n<\/ol>\n
    Originally posted 2013-12-05 16:31:47. <\/small><\/p>","protected":false},"excerpt":{"rendered":"
    I am trying to make an HttpWebRequest from an ASP.Net page on a server called SV-REQ against another IIS7 server called SV-RES. When I set IIS on SV-RES to use Digest, Basic, or Negotiate and make the change to the credential cache object to use the appropriate method, the code executes fine and I get […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1956","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts\/1956","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/comments?post=1956"}],"version-history":[{"count":0,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts\/1956\/revisions"}],"wp:attachment":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/media?parent=1956"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/categories?post=1956"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/tags?post=1956"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}