[ACCEPTED]-System.Net.WebClient doesn't work with Windows Authentication-ntlm

Accepted answer
Score: 21

I have seen a similar issue, where the Integrated 11 / NTLM security will only work if you are 10 accessing the host by machine name or localhost. In 9 fact, it is a [poorly] document feature 8 in Windows that is designed to protect against 7 "reflection attacks".

Basically, you 6 need to create a registry key on the machine 5 that is trying to access the server, and 4 whitelist the domain you are trying to hit. Each 3 host name / FQDN needs to be on it's own 2 line - there are no wildcards and the name 1 must match exactly. From the KB Article:

  • Click Start, click Run, type regedit, and then click OK.
  • In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
  • Right-click MSV1_0, point to New, and then click Multi-String Value.
  • Type BackConnectionHostNames, and then press ENTER.
  • Right-click BackConnectionHostNames, and then click Modify.
  • In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
  • Exit Registry Editor, and then restart the computer.

http://support.microsoft.com/kb/956158/en-us

Score: 4

Have you tried ...

new NetworkCredential( "peter", "password", "boxname" );

You might also try ...

var credCache = new CredentialCache();
credCache.Add( new Uri ("http://localhost/upload.aspx"),
                 "Negotiate",
                 new NetworkCredential("peter", "password", "boxname"));
wc.Credentials = credCache;

Also, according 5 to this it may be that IIS is configured wrong. Try 4 replacing "Negotiate" with "Basic" in 3 the above and checking your IIS config for 2 the website. There's also a bunch of possible 1 causes here.

Score: 1

Try going into IE's options and explicitly 6 add the site to the Intranet Zone. Then 5 re-run the program. You should also not 4 run the program from an administrator login. This 3 may trigger the Enhanced Security Configuration for Internet Explorer.

It could explain why you 2 can hit the site with Firefox and Opera, but 1 not with IE or WebClient.

Score: 0

Without knowing your IIS deployment, and 17 assuming that you have the correct authorization 16 rules for upload set in IIS (e.g. the right 15 allow* ACL's on the right dirs you are trying 14 to upload content to, etc), first thing 13 I would try is to set UseDefaultCredentials 12 to true instead of explicitly set Credential. (Maybe 11 you think you are accessing the server with 10 the Credentials you are setting but that's 9 not the case? That would be possible if 8 this works.)

This is a very common scenario, so 7 I would focus on IIS authorization rules 6 for the directory in which you are trying 5 to upload the file, the actual ACL's on 4 that directory. For ex. is your site impersonating 3 or not? if it is, then you have to have 2 actual ACL's on that dir, otherwise whatever 1 account app pool is running on.

More Related questions