Login/Register
Why does CredentialCache.DefaultCredential contain empty strings for domain, username, and password
Asked Answered
Solved iisnetworkcredentials
A

2

4

Does anyone have any ideas as to why CredentialCache.DefaultCredential would return an ICredential instance with empty strings for domain, username, and password? I'm running a WCF service on IIS 7.5. It works fine on one server but never works on another. I have verified that the IIS application has Windows Authentication enabled....

Here is how it's being used:

string url = string.Format("{0}/departments/finance/_vti_bin/listdata.svc", _IntranetAddress);
var financeDataContext = new FinanceDataContext(new Uri(url))
{
    Credentials = CredentialCache.DefaultCredentials
};
Acadian answered 2/10, 2011 at 18:55 Comment(0)
B
1

The NetworkCredential returned from CredentialCache.DefaultCredential is just a placeholder. If you look at it using the Debugger, you'll see that it's of type SystemNetworkCredential. Internal API check for this type to see if integrated authentication should be used or not. There are other ways to get the current username (like WindowsIdentity.GetCurrent()).

EDIT: To specify impersonation for a WCF operation, add this attribute to the method implementing a contract:

[OperationBehavior(Impersonation = ImpersonationOption.Required)]
public void SomeMethod() 
{
    // do something here
}
Bullet answered 18/10, 2011 at 10:37 Comment(8)
I guess I should have specified this to begin with but I need the credentials to pass to sharepoint to perform a service operation. I am not just looking to get the username.Acadian
Well, then go ahead and use the DefaultCredentials with your SharePoint request. This should be no problem. The issue you might run into is that you have not enabled impersonation on your WCF service. See my answer on how to do this. And if your WCF service and the Sharepoint server are on different servers, you'll need to configure Kerberos, as NTLM does not support delegation of credentials.Bullet
I really don't to use impersonation. The credentials that I'm expecting to get from CredentialCache.DefaultCredential is the identity of the app pool (which I have verified is correct).Acadian
Then I don't see your problem here - just use the DefaultCredential with your Sharepoint Request.Bullet
The problem is that CredentialCache.DefaultCredential is returning credentials with an empty domain and username instead of the expected app pool identity.Acadian
Perhaps you could post some code here so we can see how you make your request.Bullet
If I let the program run then I get a not authorized exception when calling SharePoint. This is due to the odd fact that for some reason the username and domain name are empty.Acadian
So it turns out that someone had played around with the IIS setup and changed the app pool identity. This is why we don't let everyone and their grandmother on the server! Thanks for your help fellas.Acadian
H
3

I am not sure how it is working in one of your servers? I hope you already read this http://msdn.microsoft.com/en-us/library/system.net.credentialcache.defaultcredentials.aspx but it clearly says "The ICredentials instance returned by DefaultCredentials cannot be used to view the user name, password, or domain of the current security context."

Hy answered 17/10, 2011 at 2:48 Comment(1)
That's interesting. I can definitely see the domain and username on other environments. I'll give that a read and see if anything pops out.Acadian
B
1

The NetworkCredential returned from CredentialCache.DefaultCredential is just a placeholder. If you look at it using the Debugger, you'll see that it's of type SystemNetworkCredential. Internal API check for this type to see if integrated authentication should be used or not. There are other ways to get the current username (like WindowsIdentity.GetCurrent()).

EDIT: To specify impersonation for a WCF operation, add this attribute to the method implementing a contract:

[OperationBehavior(Impersonation = ImpersonationOption.Required)]
public void SomeMethod() 
{
    // do something here
}
Bullet answered 18/10, 2011 at 10:37 Comment(8)
I guess I should have specified this to begin with but I need the credentials to pass to sharepoint to perform a service operation. I am not just looking to get the username.Acadian
Well, then go ahead and use the DefaultCredentials with your SharePoint request. This should be no problem. The issue you might run into is that you have not enabled impersonation on your WCF service. See my answer on how to do this. And if your WCF service and the Sharepoint server are on different servers, you'll need to configure Kerberos, as NTLM does not support delegation of credentials.Bullet
I really don't to use impersonation. The credentials that I'm expecting to get from CredentialCache.DefaultCredential is the identity of the app pool (which I have verified is correct).Acadian
Then I don't see your problem here - just use the DefaultCredential with your Sharepoint Request.Bullet
The problem is that CredentialCache.DefaultCredential is returning credentials with an empty domain and username instead of the expected app pool identity.Acadian
Perhaps you could post some code here so we can see how you make your request.Bullet
If I let the program run then I get a not authorized exception when calling SharePoint. This is due to the odd fact that for some reason the username and domain name are empty.Acadian
So it turns out that someone had played around with the IIS setup and changed the app pool identity. This is why we don't let everyone and their grandmother on the server! Thanks for your help fellas.Acadian

© 2022 - 2024 — McMap. All rights reserved.