11.3 Get an HTML Page from a Site That Requires Authentication

Problem

You need to retrieve a file from a Web site, but the Web site requires some sort of authentication credentials.

Solution

Use the WebRequest and WebResponse classes as described in recipe 11.2. However, before using the request, configure the WebRequest.Credentials property with the authentication information.

Discussion

Some Web sites require user authentication information. When connecting through a browser, this information might be submitted transparently (for example, on a local intranet site that uses Windows integrated authentication), or the browser might request this information with a login dialog box. When accessing a Web page programmatically, your code needs to manually submit this information.

The approach you use depends on the type of authentication used by the Web site.

• If the Web site is using basic or digest authentication, you can transmit a user name and password combination by manually creating a new System.Net.NetworkCredential object and assigning it to the WebRequest.Credentials property. With digest authentication, you may also supply a domain name.

• If the Web site is using Windows integrated authentication, you can take the same approach and manually create a new System.Net.NetworkCredential object. Alternatively, you can retrieve the current user login information from the System.Net.CredentialCache object.

• If the Web site requires a client-certificate, you can load the certificate from a file using the System.Security.Cryptography.X509Certificates.X509Certificate class, and add that to the HttpWebRequest.ClientCertificates collection.

Here's a code example that shows all three of these basic approaches:

 using System; using System.Net; using System.Security.Cryptography.X509Certificates; public class DownloadWithAuthentication {     private static void Main() {         string uriBasic, uriIntegrated, uriCertificate;         // (Assign these three URIs.)         // Authenticate the user with a user name and password combination         // over Basic authentication.         WebRequest requestA = WebRequest.Create(uriBasic);         requestA.Credentials = CredentialCache.DefaultCredentials;         requestA.PreAuthenticate = true;         // Log the current user in with Windows integrated authentication.         WebRequest requestB = WebRequest.Create(uriIntegrated);         requestB.Credentials = new NetworkCredential("userName", "password");         requestB.PreAuthenticate = true;         // Authenticate the user by adding a client certificate.         HttpWebRequest requestC = (HttpWebRequest)           WebRequest.Create(uriCertificate);         X509Certificate cert =           X509Certificate.CreateFromCertFile(@"c:\user.cer");         requestC.ClientCertificates.Add(cert);         // (Now get and process the responses.)     } }