Archive for the ‘ASP.Net’ Category

ASP.NET Code Delimiters

January 19th, 2011 No comments

When working in ASP.Net there are a number of code delimiters you need to be aware of, the most recognizable one is <% which, for anyone who has worked with anything from Classic ASP 1.0 (anyone remember IIS 3?) through ASP.Net 4.0 will recognize. Some people call them tags or code shortcuts, both of which are only partly true. Calling them “tags” is a little misleading because ASP.NET tags are really things such as “<asp:DropDownList />” and “<asp:ListItem />“. Calling them code shortcuts is a bit misleading as well because, while some of them are shortcuts (<%= ... %> is a shortcut for <% Response.Write (...) %>) not all of them have this kind of purpose.
Read more…

Categories: ASP.Net Tags:

401 Error on HttpWebRequest with NTLM Authentication

August 24th, 2009 1 comment

Due to a security update to SMB that fixes a remote code execution vulnerability, you may experience 401.1 or 401.2 errors in certain situations while performing a WebRequest to one of your servers. This is because part of the security update institutes a loopback check on the authentication requests to prevent replay attacks. The Microsoft KB article refers to a few different scenarios where you can see authentication problems after applying this patch, but the one I’m most interested in is when you start getting 401 errors after an HttpWebRequest on an ASP.Net page.

The issues I experienced were while creating a page to display general status of one of my companies Sharepoint servers. The main issue which is the meat of this article was when I switched the authentication over to use NTLM instead of Digest, which broke my script. Everything I had in place should have worked, but the previously mentioned security update slipped under the radar and it took a while to figure out what was going on. You can do a basic web request on a server with Basic authentication by doing the following:

Dim _response As String
Dim _auth As String = "Basic"
Dim _uri As Uri = New Uri("http://my.domain.local/my-page.aspx")
Dim _req As HttpWebRequest = WebRequest.Create(_uri)
Dim _cc As CredentialCache = New CredentialCache()
Dim _res As HttpWebResponse
Dim _sr As StreamReader

_cc.Add(_uri, _auth, New NetworkCredential("username", "password", "domain"))
_req.PreAuthenticate = True
_req.Credentials = _cc.GetCredential(_uri, _auth)
_res = _req.GetResponse
_sr = New StreamReader(_res.GetResponseStream)
_response = _sr.ReadToEnd

Read more…