IntranetZoneCredentialPolicy Class

IntranetZoneCredentialPolicy Class


Defines a credential policy to be used for resource requests that are made using WebRequest and its derived classes.

Namespace:   Microsoft.Win32
Assembly:  System (in System.dll)


public class IntranetZoneCredentialPolicy : ICredentialPolicy


Initializes a new instance of the IntranetZoneCredentialPolicy class.


Determines whether the specified object is equal to the current object.(Inherited from Object.)


Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection.(Inherited from Object.)


Serves as the default hash function. (Inherited from Object.)


Gets the Type of the current instance.(Inherited from Object.)


Creates a shallow copy of the current Object.(Inherited from Object.)

System_CAPS_pubmethodShouldSendCredential(Uri, WebRequest, NetworkCredential, IAuthenticationModule)

Returns a Boolean that indicates whether the client's credentials are sent with a request for a resource that was made using WebRequest.


Returns a string that represents the current object.(Inherited from Object.)

This policy allows credentials to be sent only if the requested resource is in the same domain as the client that is making the request. For many applications this is the optimal policy because it prevents network credentials from being sent with requests for resources that are not on the intranet.


ICredentialPolicy policies are invoked only if the WebRequest or the WebProxy that is associated with the request has credentials that are not null. Setting this policy has no effect on requests that do not specify credentials.

Use the AuthenticationManager.CredentialPolicy property to set the IntranetZoneCredentialPolicy policy. The IAuthenticationModule that handles authentication for the request will invoke the ShouldSendCredential method before performing the authentication. If the requested resource is in a different domain than the client, the ShouldSendCredential method returns false, and authentication is not performed.

This policy affects all instances of WebRequest with non-null credentials in the current application domain. The policy cannot be overridden on individual requests.

The following code example demonstrates creating an instance of IntranetZoneCredentialPolicy and using it to set the credential policy for the application domain.

 public static void UseIntranetCredentialPolicy()
    IntranetZoneCredentialPolicy  policy = new IntranetZoneCredentialPolicy();
    AuthenticationManager.CredentialPolicy = policy;

.NET Framework
Available since 2.0

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Return to top
© 2015 Microsoft