HttpWebRequest..::.UnsafeAuthenticatedConnectionSharing Property

.NET Framework Class Library

Gets or sets a value that indicates whether to allow high-speed NTLM-authenticated connection sharing.

Namespace:  System.Net
Assembly:  System (in System.dll)

 Syntax

Visual Basic (Declaration)

Public Property UnsafeAuthenticatedConnectionSharing As Boolean

Visual Basic (Usage)

Dim instance As HttpWebRequest
Dim value As Boolean

value = instance.UnsafeAuthenticatedConnectionSharing

instance.UnsafeAuthenticatedConnectionSharing = value

C#

public bool UnsafeAuthenticatedConnectionSharing { get; set; }

Visual C++

public:
property bool UnsafeAuthenticatedConnectionSharing {
    bool get ();
    void set (bool value);
}

JScript

public function get UnsafeAuthenticatedConnectionSharing () : boolean
public function set UnsafeAuthenticatedConnectionSharing (value : boolean)

Property Value

Type: System..::.Boolean
true to keep the authenticated connection open; otherwise, false.

 Remarks

The default value for this property is false, which causes the current connection to be closed after a request is completed. Your application must go through the authentication sequence every time it issues a new request.

If this property is set to true, the connection used to retrieve the response remains open after the authentication has been performed. In this case, other requests that have this property set to true may use the connection without re-authenticating. In other words, if a connection has been authenticated for user A, user B may reuse A's connection; user B's request is fulfilled based on the credentials of user A.

Caution:

Because it is possible for an application to use the connection without being authenticated, you need to be sure that there is no administrative vulnerability in your system when setting this property to true. If your application sends requests for multiple users (impersonates multiple user accounts) and relies on authentication to protect resources, do not set this property to true unless you use connection groups as described below.

You may want to consider enabling this mechanism if your are having performance problems and your application is running on a Web server with integrated Windows authentication.

Enabling this setting opens the system to security risks. If you set the UnsafeAuthenticatedConnectionSharing property to true be sure to take the following precautions:

• Use the ConnectionGroupName property to manage connections for different users. This avoids the potential use of the connection by non-authenticated applications. For example, user A should have a unique connection group name that is different from user B. This provides a layer of isolation for each user account.

• Run your application in a protected environment to help avoid possible connection exploits.

If you control the back-end server, as an alternative you might consider turning off authentication persistence. This increases performance to a lesser degree, but it is safer. For more details, search for AuthPersistence in the MSDN library at http://msdn.microsoft.com/library.

Note:
If both PreAuthenticate and UnsafeAuthenticatedConnectionSharing are set to true, each request is sent using a connection from the unsafe pool, but with an Authorization header.

 .NET Framework Security

• WebPermission 

  Unrestricted Web permission is required to set this property.

 Platforms

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

 Version Information

.NET Framework

Supported in: 3.5, 3.0, 2.0, 1.1

 See Also

Reference

HttpWebRequest Class

HttpWebRequest Members

System.Net Namespace