How do I get an already (basic) authenticated context to call a web service behind the same authentication?

Question

I have a site behind basic authentication (IIS6).

Part of this site calls a web service that is also part of the site and thus behind basic authentication as well.

However, when this happens the calling code receives a 401 Authentication Error.

I've tried a couple of things, with the general recommendation being code like this:

Service.ServiceName s = new Service.ServiceName();
s.PreAuthenticate = true;
s.Credentials = System.Net.CredentialCache.DefaultCredentials;
s.Method("Test");

However, this does not seem to resolve my problem.

Any advice?

Edit

This seems to be a not uncommon issue but so far I have found no solutions. Here is one thread on the topic.

Answer 1

Solution: (I am almost certain this will help someone)

See this link for the source of this solution in VB (thanks jshardy!), all I did was convert to C#.

NB: You must be using ONLY basic authentication on IIS for this to work, but it can probably be adapted. You also need to pass a Page instance in, or at least the Request.ServerVariables property (or use 'this' if called from a Page code-behind directly). I'd tidy this up and probably remove the use of references but this is a faithful translation of the original solution and you can make any amendments necessary.

public static void ServiceCall(Page p)
{
    LocalServices.ServiceName s = new LocalServices.ServiceName();
    s.PreAuthenticate = true; /* Not sure if required */

    string username = "";
    string password = "";
    string domain = "";
    GetBasicCredentials(p, ref username, ref password, ref domain);

    s.Credentials = new NetworkCredential(username, password, domain);
    s.ServiceMethod();
}


/* Converted from: http://forums.asp.net/t/1172902.aspx */
private static void GetBasicCredentials(Page p, ref string rstrUser, ref string rstrPassword, ref string rstrDomain)
{
    if (p == null)
    {
        return;
    }

    rstrUser = "";
    rstrPassword = "";
    rstrDomain = "";

    rstrUser = p.Request.ServerVariables["AUTH_USER"];
    rstrPassword = p.Request.ServerVariables["AUTH_PASSWORD"];

    SplitDomainUserName(rstrUser, ref rstrDomain, ref rstrUser);

    /* MSDN KB article 835388
       BUG: The Request.ServerVariables("AUTH_PASSWORD") object does not display certain characters from an ASPX page */
    string lstrHeader = p.Request.ServerVariables["HTTP_AUTHORIZATION"];
    if (!string.IsNullOrEmpty(lstrHeader) && lstrHeader.StartsWith("Basic"))
    {
        string lstrTicket = lstrHeader.Substring(6);
        lstrTicket = System.Text.Encoding.Default.GetString(Convert.FromBase64String(lstrTicket));
        rstrPassword = lstrTicket.Substring((lstrTicket.IndexOf(":") + 1));
    }

    /* At least on my XP Pro machine AUTH_USER is not set (probably because we're using Forms authentication 
       But if the password is set (either by AUTH_PASSWORD or HTTP_AUTHORIZATION)
       then we can use LOGON_USER*/
    if (string.IsNullOrEmpty(rstrUser) && !string.IsNullOrEmpty(rstrPassword))
    {
        rstrUser = p.Request.ServerVariables["LOGON_USER"];
        SplitDomainUserName(rstrUser, ref rstrDomain, ref rstrUser);
    }
}

/* Converted from: http://forums.asp.net/t/1172902.aspx */
private static void SplitDomainUserName(string pstrDomainUserName, ref string rstrDomainName, ref string rstrUserName)
{
    rstrDomainName = "";
    rstrUserName = pstrDomainUserName;

    int lnSlashPos = pstrDomainUserName.IndexOf("\\");
    if (lnSlashPos > 0)
    {
        rstrDomainName = pstrDomainUserName.Substring(0, lnSlashPos);
        rstrUserName = pstrDomainUserName.Substring(lnSlashPos + 1);
    }
}

Answer 2

The Line:

s.Credentials = System.Net.CredentialCache.DefaultCredentials();

Maybe you should try :

s.Credentials = HttpContext.Current.User.Identity;