Integrated Security with httpwebrequest

Hi,

I am working on a VB.NET Compact Framework application that runs on Windows Mobile 5. I'm using HttpWebRequest to authenticate to a web server as follows:

mywerequest.Credentials = New NetworkCredential(myusername, mypassword)

The virtual directory that the app communicates with is set through IIS to only allow Windows Integrated Security. The reason I use NetworkCredentials instead of the DefaultCredentialCache is because the user doesn't log in to the device. The functionality works great the way I have it.

My question is, can I still be confident that my application is only sending a hash over the network for authentication and not a plain text password, even though I'm not using it the way it is normally used (normal use meaning grabbing credentials from the currently logged on user)? Is there a log that I can look at, or some other way to verify what is happening?




  • Kai123

    Have you tried Ethereal (http://www.ethereal.com/download.html)? It's freeware and extremely easy to use, with a GUI. I hope you'll not face any problem in using it!

    Best Regards,

    Rizwan



  • DJMANCO

    moreOncoding wrote:
    Thanks for the post. In the meantime I was wondering, what do you mean by "I think it'll be private"? How can it be private if it is not encrypted or only sending a hash?

    I said I'm not sure, but maybe user information is encrypted itself using Credentials. But I think I'm 80% wrong. Please give it a try; I never tried it!

    Best Regards,

    Rizwan



  • Princila

    I have been trying others because I wanted to view the data as it went out from the device, and I couldn't find an Ethereal app that worked on smart devices. But thanks for the link, because if I don't get anything to work on the device soon I might have to try from the server side.
  • CarlosV

    Sorry about taking so long to get back to you. I've been trying to use some network sniffing tools, but I'm having trouble getting any of them working. I'll let you know what I find out when I do get them working.
  • FOD

    Thanks for the post. I've downloaded some network sniffing software and am trying to figure out how to use it. In the meantime I was wondering, what do you mean by "I think it'll be private"? How can it be private if it is not encrypted or only sending a hash?
  • PCSQL66

    Hmm, not sure if it's encrypted or not, but I think it'll be private; you can double-check it using Ethereal (freeware), which is a network sniffing tool. It's really handy to use and you can monitor all data coming and going from your computer.

    I hope this will help!

    Best Regards,

    Rizwan
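
Once a capture is available (from Ethereal as suggested in the thread, or from the server side), the check asked about in the question comes down to reading the Authorization header of each request. The Python sketch below is an added example, not code from any post in this thread; classify_auth_header is a hypothetical helper and the sample header values are constructed.

```python
import base64
import struct

NTLM_SIGNATURE = b"NTLMSSP\x00"
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}


def classify_auth_header(value):
    """Classify an Authorization / WWW-Authenticate header value from a capture.

    Hypothetical helper. Returns (scheme, kind, cleartext_password); the last
    item is True, False, or None when the token cannot be judged.
    """
    scheme, _, token = value.strip().partition(" ")
    scheme, token = scheme.lower(), token.strip()
    if not token:
        return scheme, "no token", False          # e.g. a bare "NTLM" offer
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:                             # binascii.Error is a ValueError
        return scheme, "undecodable token", None
    if scheme == "basic":
        # Basic is only base64("user:password"): readable by anyone on the path.
        return scheme, "user:password", True
    if scheme in ("ntlm", "negotiate"):
        if raw.startswith(NTLM_SIGNATURE) and len(raw) >= 12:
            # Bytes 8..11 hold the little-endian NTLM message type.
            (msg_type,) = struct.unpack_from("<I", raw, 8)
            return scheme, "NTLMSSP " + NTLM_TYPES.get(msg_type, "UNKNOWN"), False
        if scheme == "negotiate" and raw[:1] in (b"\x60", b"\xa1"):
            return scheme, "SPNEGO token", False   # ASN.1-wrapped GSS-API token
    return scheme, "unrecognised", None


def _b64(data):
    return base64.b64encode(data).decode("ascii")


# Constructed sample headers (not taken from a real capture).
SAMPLES = [
    "Basic " + _b64(b"alice:example-password"),
    "NTLM " + _b64(NTLM_SIGNATURE + struct.pack("<II", 1, 0)),
    "NTLM " + _b64(NTLM_SIGNATURE + struct.pack("<I", 3) + bytes(52)),
    "Negotiate " + _b64(b"\x60\x06" + bytes(6)),
    "NTLM",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(classify_auth_header(header))
```

A request whose header classifies as Basic is the case to look for: it means the server or client fell back from Integrated authentication, and the password is recoverable from the capture.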


