I have to access an external Service (Web Application) through a single server (protected with a firewall), so I have to relay / tunnel the HTTP-Requests via a small C# Service Application.
I've written an HttpListener, waiting for requests, calling the external Web-Server, get his response and writing it to the client. This part of the application works smooth.
For auditing purposes I turned on NTLM Authentication on the Listener, so that I can log, which users accessed this service. So far so good.
listener.AuthenticationSchemes = AuthenticationSchemes.Ntlm;
The authentication works, the client gets automatically an HTTP 401 response with the WWW-"Authenticate: NTLM" Header, the client reissues the request with the NTLM-Authorization header, the server respondes with a challenge, the client respondes to the challenge --> the client is authenticated, I am able to access the Identity property in the HttpListenerContext.
But I think, I make a mistake, when I am writing the response back to the client. When the same client does another request, he has to do the whole authentication-procedure from the beginning.
response.StatusCode = (Int32)((HttpWebResponse)remoteResponse).StatusCode;
foreach (var h in remoteResponse.Headers.AllKeys) {
if (!(new string[] { "Content-Type", "Content-Length" }).Contains(h)) {
response.AddHeader(h, response.Headers[h]);
}
}
// Am I missing a Header here???
response.ContentType = remoteResponse.ContentType;
using (Stream input = remoteResponse.GetResponseStream()) {
using (Stream output = response.OutputStream) {
input.CopyTo(output);
}
}
After watching the communication with a IIS-Website I recognized, that IIS respondes the normal request with an "WWW.Authenticate" Hea开发者_开发知识库der + Value. Where do I get this value? Thanks you for your help, or for any hint where to look for more information.
精彩评论