C# NTLM Proxy Authentication for a service running as Local System

BrokenArrows

Im connecting to a proxy server for my webrequest using the below code.

WebProxy proxy = new WebProxy(Cfg.ProxyAddress, Cfg.ProxyPort);
proxy.Credentials = CredentialCache.DefaultCredentials;
proxy.BypassProxyOnLocal = true;

var request = WebRequest.Create("http://" + tcpHostName + ":" + port);
request.Proxy = webProxy;
...

This is running as a windows Service and running under the Local System account.

The customer usually only allows client applications through the proxy so they expect the credentials to be the current logged in Windows user.

They want to allow my Windows Service to be allowed through the proxy but there is a problem. They're telling me that my above code is not supplying any credentials to the proxy.

Is it possible to configure a proxy to allow the Local System account to use it?


Any ideas?

Mort5000

How about this one?

stevenmu

In short, no, Local System isn't an account that you can send credentials to the proxy for. It's a special account that only exists on the local machine. Basically you have 3 options,

1. If your service only contacts a small number of known URLs the proxy server could be configured to allow access to these URLs without authentication. Companies may or may not allow this depending in their policies

2.The service could be configured to run as a real account. This could be either a real person's account, or a dedicated service account could be created for your service to use.

3. If your service needs to run as Local System for some reason (which is bad practice unless it's absolutely necessary), you could still get a dedicated service account created for it and use that in your code instead of CredentialCache.DefaultCredentials. You then have to figure out how you store those credentials safely to use, Windows Credential Manager is a good choice that stores credentials securely on a windows machine that can be easily accessed from .Net