How to use proxy like browser OR CredentialCache.DefaultCredentials different between XP and 7

Asked 22/10, 2012 at 19:55 Answered 31/10, 2012 at 21:27

I am able to fix a problem with a client where they cannot authenticate through a proxy doing the following:

    var proxy = WebRequest.GetSystemWebProxy();
    proxy.Credentials = CredentialCache.DefaultNetworkCredentials;
    service.Proxy = proxy;

This works fine for Windows XP, however on Windows 7 I get a 407 (proxy not authenticated exception). Does anybody know what the difference is, and more importantly, what I need to do to get this to work on both OS?

UPDATE

I am having the users check the following:

In the registry editor, can you go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and let me know what the value is for CachedLogonsCount. f
In the Start box, type in Group Policy and an option to Edit Group Policy should pop up, click on it. Then go to Computer Configuration\Administrative Templates\System\User Profiles\Delete cached copies of roaming profiles and let me know if it is configured, and if so, to what is it set?

UPDATE FOR BOUNTY

So, I added the bounty. I can take a solution from here, or just an alternate means to getting through a proxy on Windows 7...

Another Update

I am not sure if this is useful or not, but we are also doing the following:

service.PreAuthenticate = true;
service.Url = "myurl";
service.Credentials = new NetworkCredential(txt_UserName.Text, txt_Password.Text);

My temporary solution

This is not really a solution, but works for now. I am using the app.config and setting the proxy to be default, with a ByPassList so that the proxy is not even used. This is only doable since the proxy does not have a strong firewall currently. For other clients, I need to get the above to work

Redmon answered 22/10, 2012 at 19:55 Comment(2)

This has some sort of smell of UAC... – V2 22/10, 2012 at 19:59

I agree, but I cannot find any documentation along these lines. I am trying to find such documentation, and if I cannot find that, I will try to decompile the code and figure out what it is doing explicitly – Redmon 22/10, 2012 at 20:0

This piece of code works for me on XP, Win7 and 2008

var webProxy = new WebProxy(WebRequest.DefaultWebProxy.GetProxy(new Uri({TheURLoftheService})));
webProxy.Credentials = CredentialCache.DefaultCredentials;
webProxy.UseDefaultCredentials = true;
service.Proxy = webProxy;

Unrestrained answered 26/10, 2012 at 1:45 Comment(1)

This did not solve the problem. It is the same thing I am doing now, except you are getting the proxy in a different manner. The UseDefaultCredentials = true does nothing when DefaultCredentials is already set, per msdn.microsoft.com/en-us/library/… – Redmon 31/10, 2012 at 2:41

actually looks like they "fixed" it in Win7 :) Can you confirm that both client and server are specifying http 1.1

Now let's discuss as to why the browser works in this scenario. IE uses WinINet under the hood rather than WinHTTP. If we look at the network traces we see that IE sends HTTP/1.1, but the proxy replies with HTTP/1.0. IE still accepts this behavior, because in the internet scenario there are countless number of clients and servers which still use HTTP/1.0.

WinHTTP strictly requires HTTP/1.1 compliance for keeping the connection alive and HTTP Keep-Alives are not supported in HTTP/1.0 protocol. HTTP Keep-Alive feature was introduced in the HTTP/1.1 protocol as per RFC 2616. The server or the proxy which expects the keep-alive should also implement the protocol correctly. WinHTTP on Windows 7, Windows 2008 R2 are strict in terms of security wrto protocol compliance. The ideal solution is to change the server/proxy to use the right protocol and be RFC compliant.

http://blogs.msdn.com/b/httpcontext/archive/2012/02/21/changes-in-winhttp-on-windows-7-and-onwards-wrto-http-1-0.aspx

Revelationist answered 31/10, 2012 at 3:33 Comment(3)

Very interesting! I will have to check when I get to work. If so, this is very much worth the 250 bounty :) – Redmon 31/10, 2012 at 4:47

Sorry, no luck. Here is the PCAP output: CONNECT URL:443 HTTP/1.1\r\n followed by a HTTP/1.1 407 Unauthorized\r\n HTTP 1.1 is specified in request and response – Redmon 31/10, 2012 at 16:47

While this does not work, I am going to award the bounty to you as you came up with the only response that was not what mine already was "essentially" – Redmon 1/11, 2012 at 20:31

Will this work?

I am using this to set proxy, so far we did not encounter an error on all windows platform

Uri address = new Uri("http://your-webservice-address");

//Get User current network credential
ICredentials credentials = CredentialCache.DefaultCredentials;
NetworkCredential credential = credentials.GetCredential(address, "Basic");

//Get HttpWebRequest
HttpWebRequest request = WebRequest.Create(address) as HttpWebRequest;

//Network Credential should be included on the request to avoid network issues when requesting to the web servic
request.Proxy = WebRequest.DefaultWebProxy;
request.Credentials = new NetworkCredential(credential.UserName, credential.Password, credential.Domain);

Selfabnegation answered 31/10, 2012 at 20:44 Comment(2)

I have tried getproxy using the address, but not getcredentials. I will give this a try and let you know – Redmon 1/11, 2012 at 15:48

ok cool.. let me know when you tried it and encountered some errors – Selfabnegation 1/11, 2012 at 18:13

It's hard to say based on the code you've given. I'd suspect that it's either your IE settings or your proxy variables.

Check http://social.msdn.microsoft.com/Forums/en/netfxnetcom/thread/61b71194-1758-4c7b-89fe-91be7363db13 it may help.

Aminoplast answered 31/10, 2012 at 21:27 Comment(0)

Recommended topics

Hot tags