C# HttpWebRequest with SSO

Question

I have a C# application that connects to a web-service API. We have been using Basic Authentication to connect and that works OK. Now in an environment with SSO, it fails to connect and returns an "UnAuthorized" error when attempting to connect to access the web service URL.

The connection happens in a library that we are using. I can see that the library uses HttpWebRequest and has code like the following:

    HttpWebRequest conn = (HttpWebRequest)WebRequest.Create(url.Url);
    conn.Method = method;
    resource.StartResource(conn);
    ...
    string userAgent = session.GetValue(SessionParameter.UserAgent) as String;
    conn.UserAgent = userAgent == null ? "API Client" : userAgent;
    ...
    if (user != null || password != null)
    {
        conn.Credentials = new NetworkCredential(user ?? string.Empty, password ?? string.Empty);
    }
    ...
    conn.PreAuthenticate = true;
    ...
    conn.CookieContainer = Cookies;
    ...
    HttpWebResponse response = (HttpWebResponse)conn.GetResponse();

What do I need to do differently in the case when SSO is used?

My guess is that you may not be accepting cookies which is what a lot of SSO implementations use. Check out this to see if it helps: https://stackoverflow.com/questions/2972643/how-to-use-cookies-with-httpwebrequest — Michael Coxon, Sep 29 '17 at 15:55
Thanks. The library code that sets up the request is very long. I do see that it adds the Cookies. I edited my original post and added that. Is there something that I could inspect in the CookieContainer prior to the response being sent that might be a clue for what is wrong? The same URL that is used by the HttpWebResponse works in a browser. — George Hernando, Sep 29 '17 at 16:14
Without more info about the API that you are connecting to it is pretty hard to even speculate. Are you able to provide that information? — Michael Coxon, Sep 29 '17 at 16:18

score 0 · Answer 1 · answered May 19 '22 at 19:01

0

It might even relate (for some SSO set-ups) to the need for the inclusion of a CORS 'origin' (HTTP) header.

answered May 19 '22 at 19:01

DennisVM-D2i

416
3
8

C# HttpWebRequest with SSO

1 Answers1