Form Authentication and XmlDocument.Load

Question

I\'m running an asp.net web application with c#. The following is used: - Windows 2003 server - IIS6.0 - .net Framework 2.0.50727

I\'m trying to implement Forms Authent

Answer 1

<?xml version="1.0"?>
<BankSearch><SearchColumns>
    <Column>
        <Name>Bank_Name</Name>
        <Control>TextBox</Control>
        <Description>Bank Name</Description>
    </Column>
</SearchColumns>
<SearchStoredProc Name="usp_BankSearch">
    <Parameter1 control="txtBank_Name">@Bank_Name</Parameter1>
</SearchStoredProc>
<DisplayColumns>
    <Column HeaderText="Bank Name" HyperLinkColumn="True" NavigateUrl="~/Bank/Bank.aspx"  NavigateUrlFields="Bank_Id"   QueryStrings="BID">Bank_Name</Column>       
    <Column HeaderText="Bank Address">Bank_Address</Column>
    <Column HeaderText="Bank Email Id">BANK_EMAIL_ID</Column>
    <Column HeaderText="Bank Phone">Bank_Phone</Column>
    <Column HeaderText="Bank Fax">BANK_FAX_NO</Column>
    <Column HeaderText="City">City</Column>
    <Column HeaderText="Postal Code">POSTAL_CODE</Column>
    <Column HeaderText="State">STATE_NAME</Column>
    <Column HeaderText="Country">Country_Name</Column>              
</DisplayColumns>

Answer 2

if you are using forms authentication, even if you are already logged in, xmlDocument is going to the loging page first. This page is not an XML file. Hence the exception. I saw a suggestion that this could work:

void Main()
{
    XmlUrlResolver resolver = new XmlUrlResolver();
    resolver.Credentials = CredentialCache.DefaultCredentials;

    var x = new XmlDocument();
    x.XmlResolver = resolver;
    x.Load("https://yourUrl");
}

It sounds like a good advice but i could not get it work. I will try to get the xml using a web request instead. Because when I use a web browser, the xml is returned without needing to log on again through forms authentication.

---

Finally found the solution. As I explained this is due to using forms authentication. I was thinking once HTTPS is established all communication from the application will have authorization automatically. However, calls to back-end applications require authentication. That is why instead of getting back the xml I was getting an html page which is the login page. I managed to bypass the forms authentication by adding the authentication cookie as below:

var httpCookie = FormsAuthentication.GetAuthCookie(context.User.Identity.Name, false);
var cookie = new Cookie(httpCookie.Name, httpCookie.Value, httpCookie.Path, HttpContext.Current.Request.Url.Host);
var rq = (HttpWebRequest) WebRequest.Create(url);
rq.CookieContainer = new CookieContainer();
rq.CookieContainer.Add(cookie);
var rs = (HttpWebResponse) rq.GetResponse();                
var strm = rs.GetResponseStream();
var rdr = new StreamReader(strm);
var str = rdr.ReadToEnd();
var userDetails = new XmlDocument();                
userDetails.LoadXml(str);