2

I have a C# webservice hosted in IIS with Windows authentication enabled that I call from a Delphi 7 client.

When I call the method, I have a system login dialog and I have to enter my windows username and password in order to be authenticated.

Is there a way to skip the login dialog and use the current logged user credentials to call the webservice?

I saw a lot on post explaining how to avoid this login dialog with basic authentication by "injecting" the username/password element with InternetSetOption(...) on the BeforePost event, but nothing about Windows authentication. I was expecting everything to work flawlessly...

Thanks

EDIT

  • The current authentication type is NTLM.

  • My application do not have any login/password dialog. The login dialog I refer to is a system login dialog with "Windows security" in the title

  • The C# server and Delphi client are running on the same computer. My computer is part of a domain and the server will be called only within the local network.

EDIT #2 When the login is prompted, there's the request headers:

POST https://vbergeron.info.com/dev-mmcore/SecurityService.svc HTTP/1.1
SOAPAction: "http://mysite.ca/schemas/mobilemed-ws/security/ISecurityService/GetPermissions"
Content-Type: text/xml
User-Agent: mmrdv.exe/4.0.0.0 Windows-7-SP1/6.1.7601 Ultimate/x86
Host: vbergeron.info.com
Content-Length: 366
Connection: Keep-Alive
Cache-Control: no-cache

Here`s the response header:

HTTP/1.1 401 Unauthorized
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
WWW-Authenticate: NTLM
WWW-Authenticate: Negotiate
X-Powered-By: ASP.NET
Date: Fri, 07 Jun 2013 14:38:35 GMT
Content-Length: 0
Proxy-Support: Session-Based-Authentication

So the HTTPRio do not "handle" the NTLM header properly. It`s supposed to catch the 401 and resend the request including the authentication information... Right?

vIceBerg
  • 4,197
  • 5
  • 40
  • 53
  • See http://stackoverflow.com/questions/4459637/consuming-web-service-with-authentication-allways-give-message-authentication-re – mjn Jun 06 '13 at 17:34
  • @mjn, it's a Windows authentication problem. – Fabricio Araujo Jun 06 '13 at 17:35
  • @FabricioAraujo if a SOAP Web Service uses HTTP, and the HTTPRio client shows a dialog, it is a HTTP Auth problem – mjn Jun 06 '13 at 17:36
  • @mjn, is not an APPLICATION dialog, it's a SYSTEM dialog. He's not authenticating to the WebServer, he's authenticating to DOMAIN server. – Fabricio Araujo Jun 06 '13 at 17:38
  • @FabricioAraujo I know that, HTTP NTLM authentication will pop up a system dialog. – mjn Jun 06 '13 at 17:41
  • 1
    @vIceBerg. Are the C# Web service and Delphi 7 client running in the a Windows domain or is it for access on the Internet? If yes to the former, you could use WIA (Windows Integrated Authentication), the Windows login credentials are used transparently. Done that a few weeks ago. – Jack G. Jun 06 '13 at 18:02
  • Thanks all. See my edit for more informations – vIceBerg Jun 06 '13 at 18:23
  • @J.Gonzalez: How do I use WIA? Can you point me to some articles? Or assist me? – vIceBerg Jun 06 '13 at 18:24
  • @J.Gonzalez: I would really appreciate a follow-up from you – vIceBerg Jun 10 '13 at 14:58
  • @vIceBerg. I did that for a customer and the code is under NDA. That said, as some starting pointers, what I did was to use WinHTTP to get WIA and received some credentials (some security tokens, but not a usr/pwd) that was used in HTTPRio. At no point there was a login dialog, but just http 401 or 403 when the client was not authenticated or authorised. – Jack G. Jun 11 '13 at 18:36

1 Answers1

0

For HTTPrio with NTLM (see my answer https://stackoverflow.com/a/1081582/80901):

In the user name property of the WebNode subcomponent of the THTTPRio component, use the domain name followed by a backslash and the user name:

'domain\username'

After entering the WSDL URL at designtime, the HTTPRIO component will list available port and services.

In a HTTP proxy (Don's Proxy), NTLM is displayed as the request authentication type.

Community
  • 1
  • 1
mjn
  • 36,362
  • 28
  • 176
  • 378
  • 1
    I don't know the user`s password and I don't want to ask him to enter it. It's windows authentication, so it should be transparent. – vIceBerg Jun 06 '13 at 18:26
  • @vIceBerg in this case, create a service user account, which can only be used to access the web service - just the same as admins would do for a regular Windows service application. – mjn Jun 07 '13 at 06:25
  • I think you don't understand. It`s possible to use the current Windows credentials as authentication information with a webservioce hosted in the local network. We`re doing it in C# and it`s working well and we do not have any login dialog. I want to do this with Delphi... It should be possible. – vIceBerg Jun 07 '13 at 14:25
  • See my update, for NTLM it is neccessary to pass the NTLM credentials to the HTTPrio component – mjn Jun 08 '13 at 12:12
  • @vlceBerg it should be transparent - but obviously the process which contains the HTTPRio needs a way to get the NTLM credentials - user name and password hash - from Windows, to include this information in the HTTP header. Windows will not automagically insert this in the HTTP request. But I am no NTLM export so I might be wrong... – mjn Jun 10 '13 at 16:37