Hello. I have an application that must first authenticate with a Symantec Web Gateway. My customer is using Symantec Web Gateway version 4.5.3.38. I am writing the application in C# and it will be running on a machine that is not joined to the domain and they do not want to enter an exception in the gateway box.

The gateway uses NTLM (NTLMSSP) authentication. The code I have written works perfectly to authenticate against some of our company websites that use NTLM but it does not seem to work against the web gateway and I am wondering if I need to hit specific pages on the gateway box first before trying to go out to the web. I have tried going straight to http://google.com and passing the authentication but the gateway returns a page telling me that I did not authenticate.

I have also tried hitting the same page the browser hits if you try to authenticate. The page URL takes the form of:

http://gatewayname:8080/ntlm/authenticate.php?ip=&Policy=1&url=www.google.com/

If I hit against this page it will drop to the catch of the exception handling and return the error message:

The remote server returned an error: (401) Unauthorized.

The username, password and domain are all correct. I can use them in Internet Explorer and authenticate just fine from the same box. If I watch the connections in Wireshark and try to authenticate with the gateway I do not see the username being passed, but when I hit it against some other websites I have that are running on Windows IIS it passes the username and mentions NTLMSSP just like IE does when authenticating with the Symantec Web Gateway. So my guess is that I am just not hitting the right page or something or have possibly missed something in the code.

Here is my code. Any help or suggestions you may be able to offer are appreciated:

    private void TestAuthenticationButton_Click(object sender, EventArgs e)
    {
        StatusLabel.Text = "Requesting Page...";
        StatusLabel.Refresh();
        OutputTextBox.Text = "";
        OutputTextBox.Refresh();

        StringBuilder sb = new StringBuilder();
        byte[] buf = new byte[8192];
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(WebSiteAddressTextBox.Text);

        if (UseAuthenticationCheckBox.Checked)
        {
            NetworkCredential credential;
            if (DomainNameTextBox.Text != "")
            {
                credential = new NetworkCredential(UserNameTextBox.Text, PasswordTextBox.Text, DomainNameTextBox.Text);
            }
            else
            {
                credential = new NetworkCredential(UserNameTextBox.Text, PasswordTextBox.Text);
            }
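            // Register the credential for this URI under the "Negotiate" scheme.
            CredentialCache credentialCache = new CredentialCache();
            credentialCache.Add(new Uri(WebSiteAddressTextBox.Text), "Negotiate", credential);
            request.Credentials = credentialCache;
            // PreAuthenticate only affects requests made after a first successful authentication.
            request.PreAuthenticate = true;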
        }
        try
        {
            // Dispose the response and its stream so the connection is released.
            using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
            using (Stream resStream = response.GetResponseStream())
            {
                int count;
                // Read the body in chunks until the stream is exhausted.
                while ((count = resStream.Read(buf, 0, buf.Length)) > 0)
                {
                    sb.Append(Encoding.ASCII.GetString(buf, 0, count));
                }
            }
            OutputTextBox.Text = sb.ToString();
            StatusLabel.Text = "Request Complete.";
            StatusLabel.Refresh();
        }
        catch (Exception ex)
        {
            // A 401 response surfaces here as an exception from GetResponse().
            StatusLabel.Text = "Error...";
            StatusLabel.Refresh();
            MessageBox.Show(ex.Message);
        }
    }
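
An added diagnostic example, not part of the original post: it shows which of the schemes a server offers a `CredentialCache` can actually answer, since `CredentialCache.GetCredential` matches on the exact scheme name the credential was registered under. The host, account and challenge values are constructed placeholders, and that the gateway offers only `NTLM` is an assumption the post does not confirm.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;

static class NtlmSchemeCheck
{
    // Scheme names from WWW-Authenticate / Proxy-Authenticate values
    // (one challenge per value, e.g. "NTLM" or "Basic realm=\"x\"").
    static List<string> OfferedSchemes(IEnumerable<string> challenges)
    {
        return challenges
            .Select(c => c.Trim().Split(' ')[0])
            .Where(s => s.Length > 0)
            .Distinct(StringComparer.OrdinalIgnoreCase)
            .ToList();
    }

    // Offered schemes for which the cache holds a credential at this URI.
    static List<string> UsableSchemes(CredentialCache cache, Uri uri, IEnumerable<string> challenges)
    {
        return OfferedSchemes(challenges)
            .Where(s => cache.GetCredential(uri, s) != null)
            .ToList();
    }

    static void Main()
    {
        // Constructed values: placeholder host and account, not from the post.
        var uri = new Uri("http://gateway.example:8080/");
        var cred = new NetworkCredential("user", "placeholder", "EXAMPLE");

        // Same registration as the posted code: "Negotiate" only.
        var negotiateOnly = new CredentialCache();
        negotiateOnly.Add(uri, "Negotiate", cred);

        // Registration covering both schemes.
        var both = new CredentialCache();
        both.Add(uri, "Negotiate", cred);
        both.Add(uri, "NTLM", cred);

        // Constructed challenge sets: a server offering both vs. NTLM only.
        var bothOffered = new[] { "Negotiate", "NTLM" };
        var ntlmOnly = new[] { "NTLM" };

        Console.WriteLine("Negotiate-only cache, both offered: [" + string.Join(",", UsableSchemes(negotiateOnly, uri, bothOffered)) + "]");
        Console.WriteLine("Negotiate-only cache, NTLM only:    [" + string.Join(",", UsableSchemes(negotiateOnly, uri, ntlmOnly)) + "]");
        Console.WriteLine("Both-scheme cache, NTLM only:       [" + string.Join(",", UsableSchemes(both, uri, ntlmOnly)) + "]");
    }
}
```

To apply it to a live response, pass `Headers.GetValues("WWW-Authenticate")` (or `"Proxy-Authenticate"` for a 407) from the `WebException.Response` of the failed request as the challenge list.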