We have a Windows Forms application which hosts an IE browser control. Our users run the application and open links to documents stored in MOSS. We are trying to set the application up to pass in the credentials of a service account so that we can avoid giving all users access to the MOSS site. We have used code found here which seems to work fine if the user is not currently signed on to our domain. However, the application does not seem to pass in the service account authentication for any user who is already authenticated to the domain. In this case it just seems to use the authenticated user's credentials.

Does anyone know of how we can make this work?

Thanks!

Jeff

A: 

Would impersonation not help here? You can run that bit of code (the form) under the guise of the service account user you're talking about and the browser control should then run within the same context.

The following links might help:

http://msdn.microsoft.com/en-us/library/b80a7e92.aspx

http://www.buro9.com/blog/2006/10/06/impersonating-a-user-in-c/

deepcode.co.uk
Unfortunately, impersonation doesn't seem to help. The impersonation works (based on the code snippet from the blog mentioned) but the IE browser control ignores the impersonation and still authenticates to my MOSS site with the underlying AD user, even if the control is instantiated after impersonation.
Jeff C
A: 

My understanding is that the IE control in your application will automatically sign-in to the MOSS site, based on the credentials in the Windows session. You would rather it always used an account you specify, and coded into the application?

IE automatically signs in to domain sites using a type of Kerberos authentication (Windows Integrated Authentication).

Three suggestions:

  • Do not use the MOSS site's WINS name but IP-address instead (may also work with DNS names e.g. not http://moss-server but http://moss-server.domain.com). This should cause IE to not automatically sign in to the site.
  • Change the authentication model on the web-server to use Basic only (security warning - clear text password exchange)
  • Disable the option for 'Enable Integrated Windows Authentication' in the web-browser. This will make accessing any sites in the domain a pain...

My recommendation is the 1st one. Use a different address to make IE think it is not accessing a trusted site and therefore not use integrated authentication.

All can be tested using IE outside of the application. Simply fire up IE and enter the address you are using to the MOSS site. If you are asked for a password, you have your solution.

Thies
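
An added example, not code from any poster in this thread: a small .NET Framework console check that asks Windows which security zone each form of the MOSS address maps to, which is what decides whether the hosted IE control sends the logged-on user's credentials without prompting. The host names are the ones used in the answer above; the IP address is a constructed placeholder, and the class and helper names are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Policy;

static class ZoneCheck
{
    // Assumption: IE's default logon policy ("Automatic logon only in Intranet
    // zone") is in effect. Group Policy site-to-zone assignments or a changed
    // logon setting for a zone will alter the outcome on a given machine.
    static bool SendsWindowsLogonSilently(SecurityZone zone)
    {
        return zone == SecurityZone.Intranet;
    }

    static void Main(string[] args)
    {
        // Pass your own URLs as arguments; otherwise use the sample forms.
        string[] urls = args.Length > 0 ? args : new[]
        {
            "http://moss-server/",            // short name from the answer
            "http://moss-server.domain.com/", // DNS name from the answer
            "http://192.0.2.10/"              // constructed placeholder IP
        };

        foreach (string url in urls)
        {
            // Zone.CreateFromUrl resolves the zone through the same URL
            // security manager that IE and the WebBrowser control use.
            SecurityZone zone = Zone.CreateFromUrl(url).SecurityZone;
            Console.WriteLine("{0,-34} zone={1,-9} silent logon={2}",
                url, zone, SendsWindowsLogonSilently(zone));
        }
    }
}
```

Run it as the same user and on the same machine as the application, since zone mapping is per-user configuration. An address reported as Intranet will keep authenticating with the logged-on user's credentials.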
+1  A: 
Rihan Meij