Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

AuthenticationManager.CustomTargetNameDictionary Property

Gets the dictionary that contains Service Principal Names (SPNs) that are used to identify hosts during Kerberos authentication for requests made using WebRequest and its derived classes.

Namespace: System.Net
Assembly: System (in system.dll)

public:
static property StringDictionary^ CustomTargetNameDictionary {
	StringDictionary^ get ();
}
/** @property */
public static StringDictionary get_CustomTargetNameDictionary ()

public static function get CustomTargetNameDictionary () : StringDictionary

Not applicable.

Property Value

A writable StringDictionary that contains the SPN values for keys composed of host information.

An SPN is a name by which a client uniquely identifies an instance of a service or application on a server for purposes of mutual authentication. Mutual authentication is requested by default, and you can require it by setting WebRequest.AuthenticationLevel to MutualAuthRequired in your request.

When a WebRequest requires mutual authentication, the SPN for the destination must be supplied by the client. If you know the SPN, you can add it to the CustomTargetNameDictionary before sending the request. If you have not added SPN information to this dictionary, the AuthenticationManager uses the RequestUri method to compose the most likely SPN; however, this is a computed value and might be incorrect. If mutual authentication is attempted and fails, you can check the dictionary to determine the computed SPN. No SPN is entered into the dictionary if the authentication protocol does not support mutual authentication.

To add an SPN value to this dictionary, use the AbsoluteUri of the RequestUri as the key. Internally, the key is truncated to include the Scheme, Host, and the Port if it is not the default port.

NoteNote:

Accessing the methods and properties of the CustomTargetNameDictionary requires unrestricted WebPermission.

NoteNote:

When Kerberos authentication is performed through a proxy, both the proxy and the ultimate host name need to be resolved to an SPN. The proxy name resolution is protected by a timeout. Resolution of the ultimate host name to a SPN requires a DNS lookup, and there is no timeout associated directly with this operation. Therefore synchronous operations may take longer to timeout. To overcome this, add the ultimate host's URI prefix to the SPN cache prior to making requests to it.

The following code example demonstrates displaying the contents of the CustomTargetNameDictionary.

static void RequestResource( Uri^ resource )
{
   // Set policy to send credentials when using HTTPS and basic authentication.
   // Create a new HttpWebRequest object for the specified resource.
   WebRequest^ request = dynamic_cast<WebRequest^>(WebRequest::Create( resource ));

   // Supply client credentials for basic authentication.
   request->UseDefaultCredentials = true;
   request->AuthenticationLevel = AuthenticationLevel::MutualAuthRequired;
   HttpWebResponse^ response = dynamic_cast<HttpWebResponse^>(request->GetResponse());

   // Determine mutual authentication was used.
   Console::WriteLine( L"Is mutually authenticated? {0}", response->IsMutuallyAuthenticated );
   System::Collections::Specialized::StringDictionary^ spnDictionary = AuthenticationManager::CustomTargetNameDictionary;
   System::Collections::IEnumerator^ myEnum = spnDictionary->GetEnumerator();
   while ( myEnum->MoveNext() )
   {
      DictionaryEntry^ e = safe_cast<DictionaryEntry^>(myEnum->Current);
      Console::WriteLine( "Key: {0}  - {1}", dynamic_cast<String^>(e->Key), dynamic_cast<String^>(e->Value) );
   }

   // Read and display the response.
   System::IO::Stream^ streamResponse = response->GetResponseStream();
   System::IO::StreamReader^ streamRead = gcnew System::IO::StreamReader( streamResponse );
   String^ responseString = streamRead->ReadToEnd();
   Console::WriteLine( responseString );

   // Close the stream objects.
   streamResponse->Close();
   streamRead->Close();

   // Release the HttpWebResponse.
   response->Close();
}

/*

The output from this example will differ based on the requested resource
and whether mutual authentication was successful. For the purpose of illustration,
a sample of the output is shown here:

Is mutually authenticated? True
Key: http://server1.someDomain.contoso.com  - HTTP/server1.someDomain.contoso.com

<html>
...
</html>

*/

Windows 98, Windows Server 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The Microsoft .NET Framework 3.0 is supported on Windows Vista, Microsoft Windows XP SP2, and Windows Server 2003 SP1.

.NET Framework

Supported in: 3.0, 2.0
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.