my ASP.NET web application uses windows authentication on our intranet. I want it to be able to make a server-side http request to another server on the same domain that also requires windows authentication.
I've followed the instructions on temporarily impersonating the authenticated user when making the additional request here:
http://msdn.microsoft.com/en-us/library/ff647404.aspx
Using code like this:
using System.Security.Principal;
// Obtain the authenticated user's Identity
WindowsIdentity winId = (WindowsIdentity)HttpContext.Current.User.Identity;
WindowsImpersonationContext ctx = null;
try
{
// Start impersonating
ctx = winId.Impersonate();
// Now impersonating
// Access resources using the identity of the authenticated user
var request = WebRequest.Create("http://intranet/secureapp");
request.Credentials = CredentialCache.DefaultCredentials;
var response = request.GetResponse();
using (var streamReader = new StreamReader(response.GetResponseStream()))
{
Response.Write(streamReader.ReadToEnd());
}
}
// Prevent exceptions from propagating
catch
{
}
finally
{
// Revert impersonation
if (ctx != null)
ctx.Undo();
}
// Back to running under the default ASP.NET process identity
But, unfortunately, I always get a 401 unauthorized error.
Do I need to configure our webserver with active directory to allow it to delegate the autenticated user (could be any one of about 200 users, so don't want to have to do anything 200 times :))? If so, can anyone tell me how to do this?
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…