Handling 401s with www-authenticate: Negotiate

[Chris Wood]

Hi there,

Short question: how do I use DefaultCredentials when I receive the WBAuthenticate event?

Longer description...

I'm using csEXWB to connect to a URL (let's say https://server/) and the web site on that server requires Windows Authentication. It includes the following header in the 401 response:

www-authenticate: Negotiate

Interestingly, that's how it appears verbatim. I'd expect it to be "WWW-Authenticate", but there you go..

This raises the WBAuthenticate event in csEXWB. All I want to do is to get it to use the credentials of the current user, silently using NTLM. I've read the comments in the code which says to use the DOMAIN\Username format for the username so have been handling the event as follows:

    Private Sub wb_WBAuthenticate(ByVal sender As Object, ByVal e As csExWB.AuthenticateEventArgs) Handles wb.WBAuthenticate

        Try

            MessageBox.Show(My.User.CurrentPrincipal.Identity.Name)

            e.username = My.User.CurrentPrincipal.Identity.Name

            e.retvalue = 0

            e.handled = True

        Catch ex As Exception

            MessageBox.Show(ex.ToString)

        End Try

    End Sub

Using Fiddler, I can see that another request to the same URL is made afterwards, but in the request headers there's nothing there that can be used for authentication.

Can anybody point me in the right direction?

Many thanks,

Chris