Export (0) Print
Expand All
1 out of 1 rated this helpful - Rate this topic

HttpWebRequest.UnsafeAuthenticatedConnectionSharing Property

Note: This namespace, class, or member is supported only in version 1.1 of the .NET Framework.

Gets or sets a value indicating whether to allow NTLM-authenticated connection sharing.

[Visual Basic]
Public Property UnsafeAuthenticatedConnectionSharing As Boolean
[C#]
public bool UnsafeAuthenticatedConnectionSharing {get; set;}
[C++]
public: __property bool get_UnsafeAuthenticatedConnectionSharing();
public: __property void set_UnsafeAuthenticatedConnectionSharing(bool);
[JScript]
public function get UnsafeAuthenticatedConnectionSharing() : Boolean;
public function set UnsafeAuthenticatedConnectionSharing(Boolean);

Property Value

true, to keep authenticated connections open; otherwise, false.

Remarks

The default value for this property is false, which causes the current connection to be closed after a request is completed. Your application must go through the authentication sequence every time it issues a new request.

If this property is set to true, the connection used to retrieve the response remains open after the authentication has been performed. In this case, other requests that have this property set to true may use the connection without reauthenticating. In other words, if a connection has been authenticated for user A, user B may reuse A's connection; user B's request is fulfilled based on the credentials of user A.

Caution[note] Because it is possible for an application to use the connection without being authenticated, you need to be sure that there is no security vulnerability in your system when setting this property to true. If your application sends requests for multiple users (impersonates multiple user accounts) and relies on authentication to protect resources, do not set this property to true unless you use connection groups as described below.

You may want to consider enabling this mechanism if your are having performance problems and your application is running on a Web server with Windows Integrated Authentication.

Enabling this setting opens the system to security risks. If you set the UnsafeAuthenticatedConnectionSharing to true be sure to take the following precautions:

  • Use the ConnectionGroupName to manage connections for different users. This avoids the potential use of the connection by non-authenticated applications. For example, user A should have a unique connection group name that is different from user B. This provides a layer of isolation for each user account.
  • Run your application in a protected environment to help avoid possible connection exploits.

If you control the back-end server, as an alternative you might consider turning off authentication persistence. This increases the perfomance to a lesser degree, but it is safer. For more details, search for AuthPersistence in the MSDN library.

Requirements

Platforms: Windows 98, Windows NT 4.0, Windows Millennium Edition, Windows 2000, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 family

.NET Framework Security: 

  • WebPermission Unrestricted Web permission is required to set this property.

See Also

HttpWebRequest Class | HttpWebRequest Members | System.Net Namespace

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.