I’ve got a site I recently converted from forms authentication to Windows authentication. I finally got it working correctly. I’m running into one issue that I haven’t found a suitable workaround for yet. We have several pages that from within the backend code will call other pages and retrieve content sections from the returned page. Since the code is calling the other page, I am getting an access denied error (the code can’t pass the authentication). I’ve tried several ways of passing windows credentials with the request and all have failed.
I’m willing to create an AD user for this function and hardcode the username and password with the request so that the information can be retrieved. Can anyone give me code that will allow me to do this, so far I’ve been unsuccessful. Thanks.
-Edit-
I don’t remember them all, but here’s the last one I tried:
Dim wc As New WebClient()
Dim credential As NetworkCredential = New NetworkCredential(ADusername, ADPwd, ADDomain)
wc.Credentials = credential
Dim strXML As String = wc.DownloadString(RssFeedUrl)
This causes the page to return (401) Unauthorized.
Another thing I tried… one of the ‘retrievals’ is an RSS feed, this is the location of the feed.
<location path="RSS.ashx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
It didn’t seem to help.
Turns out that after some more testing, I found that the code above actually works. I copied it to a windows application and ran it on several machines. All worked correctly with the exception of the server I wanted to host the code on. Did some digging into the Event viewer and there were some failed security audits. Using this information I found that there is a ‘loopback check’ on the server. Using Microsoft KB article 896861 I disabled the loopback check for the site and voila! it is now working.