hi guys as topic says im in need with a project to find a way to connect to a remote server like
http://cdn.col.dk/getdata.asmx
but it gives a windows authentication login box but i need to do this with out user intervention and i know there is way using
http://user:pw@cdn.col.dk/getdata.asmx
but that would make it visible in the HTML code and very less secure. is there not a way to protect API site from external use and so only the webserver can use the API im looking for alternative for the above.
or is there a way i can pass the credentials with out the user knowing and seeing.
If the client is already logged into the domain with IWA credentials, then they will be passed to the server if configured to require them.
You do not want to pass the credentials in the URL.
You might try placing a simple INDEX.HTML into the same directory as the ASMX, enable IWA (disable Anonymous) and see if you get the challenge response. If you do then either the client did not pass them or the server did not like what it received.
As long as the client and server are in the same domain or different domains where a trust exists between them, then IWA will work without prompting for credentials, if configured correctly.
Member
2 Points
3 Posts
connecting to remote site with API using Windows authentication passively
May 08, 2014 02:45 AM|JensSimonsen|LINK
hi guys as topic says im in need with a project to find a way to connect to a remote server like http://cdn.col.dk/getdata.asmx
but it gives a windows authentication login box but i need to do this with out user intervention and i know there is way using http://user:pw@cdn.col.dk/getdata.asmx
but that would make it visible in the HTML code and very less secure. is there not a way to protect API site from external use and so only the webserver can use the API im looking for alternative for the above.
or is there a way i can pass the credentials with out the user knowing and seeing.
thanks regards jens
Participant
860 Points
206 Posts
Re: connecting to remote site with API using Windows authentication passively
May 08, 2014 08:33 AM|Perkinsville|LINK
Hi,
You might want to check out OAuth: http://www.asp.net/mvc/tutorials/mvc-5/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on
If the client is already logged into the domain with IWA credentials, then they will be passed to the server if configured to require them.
You do not want to pass the credentials in the URL.
You might try placing a simple INDEX.HTML into the same directory as the ASMX, enable IWA (disable Anonymous) and see if you get the challenge response. If you do then either the client did not pass them or the server did not like what it received.
As long as the client and server are in the same domain or different domains where a trust exists between them, then IWA will work without prompting for credentials, if configured correctly.
HTH, Benjamin