System.Net.WebClient vs. Proxy Authentication 407 error

Question

I'm trying to figure out how to robustly handle proxy authentication errors (HTTP 407 status code) when using the System.Net.WebClient class.

In the field, we see many users receiving a 407 proxy authentication WebException, but I'm not sure what a good default strategy is. In .Net 2.0/3.5, the proxy authentication settings are supposed to be inherited from the Internet Explorer system settings. Firefox, Opera and Chrome use these same settings.

Here's the basic code we are using:

using System.Net;

string url = "http://www.mysite.com";
WebClient webClient = new WebClient();
byte[] data = webClient.DownloadFile(url);

When this code fails, we open the user's browser and send them to a help page. From our web logs, we know these customers can successfully connect in their browsers. Perhaps they are manually entering their proxy user name and password before they get to our help page? We don't know.

It seems that we could use WebClient.UseDefaultCredentials, but this seems redundant if WebClient is using the system settings anyway.

Any help is appreciated.

Answer 1

Internet Explorer does not persistently cache/reuse proxy authentication credentials if the proxy auth uses BASIC or DIGEST. For Negotiate/NTLM, default credentials will be provided.

Hence, even though .NET inherits from IE settings, you won't get any "free" support for proxy authentication for Basic/Digest unless you happen to be running in IE; you'll need to prompt the user or provide a configuration screen.

Fiddler (www.fiddler2.com) has the "Request Proxy Authentication" option on the Rules menu that you can use to simulate this scenario for testing.

Answer 2

We solved that problem by adding a config dialog which alows the user to choose "use proxy". If this setting is done we use these parameter (address, credentials...). If not - we assume that a connection can be made without any manual interaction. In the case of an error we do: a.) try again using default credentials b.) popup an information that a setting in config could help...

If proxy authentication is done via "default credentials" (Windows user) IE also reacts to an auth error and sends default credentials in this case. If this does not work it opens a credentials dialog. I'm not sure if all browsers handle this that way - but you can simply give it a try using fiddler, so you can see what's going on.

Answer 3

I know this is an old post but I had a similar problem trying to download an XML file using WebClient in an SSIS 2008R2 (SQL Server Integration Services) script task (VB.NET Code) through a Proxy Server to a remote site secured via SSL that also required authentication.

Took a while to find a solution and this post helped on the proxy side. Below is the script code that worked for me. Might be useful to someone searching for similar.

    Dim objWebClient As WebClient = New WebClient()
    Dim objCache As New CredentialCache()

    'https://www.company.net/xxxx/resources/flt
    Dim strDownloadURL As String = Dts.Variables("FileURL").Value.ToString

    'apiaccount@company.net
    Dim strLogin As String = Dts.Variables("FileLogin").Value.ToString

    'sitepassword
    Dim strPass As String = Dts.Variables("FilePass").Value.ToString

    'itwsproxy.mycompany.com
    Dim strProxyURL As String = Dts.Variables("WebProxyURL").Value.ToString

    '8080
    Dim intProxyPort As Integer = Dts.Variables("WebProxyPort").Value

    'Set Proxy & Credentials as a Network Domain User acc to get through the Proxy
    Dim wp As WebProxy = New WebProxy(strProxyURL, intProxyPort)
    wp.Credentials = New NetworkCredential("userlogin", "password", "domain")
    objWebClient.Proxy = wp

    'Set the Credentials for the Remote Server not the Network Proxy
    objCache.Add(New Uri(strDownloadURL), "Basic", New NetworkCredential(strLogin, strPass))
    objWebClient.Credentials = objCache

    'Download file, use Flat File Connectionstring to save the file
    objWebClient.DownloadFile(strDownloadURL, Dts.Connections("XMLFile").ConnectionString)