Suggested Practices for proxy configuration when using System.Net.HttpWebRequest

I have periodically received questions on how to configure code using HttpWebRequest in an application that may be run in multiple types of environments (home user, corporate domain, with or with out a proxy, etc).  This is what I would suggest.

  1. Don’t set a hard coded proxy unless you know the network configuration that you application will run on under all circumstances. In cases where you know the configuration settings for the network, it is better to use config than a hard coded proxy because proxy names could change and config will allow you to handle this case.
  2. Rely on Internet explorer (IE) settings for proxy settings.  Most of the time, the user will have IE configured correctly.  The caveat to this is that IE may decide to automatically send default credentials to the proxy where HttpWebRequest will not without you enabling it to do so. Also keep in mind that if your code is running in a system service, then it may not be able to get any settings from IE because the account the service is running under may not have a profile loaded with any proxy settings.
  3. In V2.0 of the framework, we now support Automatic proxy detection (this is the same as the “Automatically detect settings” check box in IE.
  4. Don’t set credentials on the proxy until you receive a 407 for the first time.  At that point, you can try sending default credentials.  If default credentials don’t work for the proxy, then you should prompt the user for the credentials.  Note that you should give the user the ability to disable the automatic sending of default credentials because of possible security concerns.  Note that in V2.0 of the framework, we added the ability for a user to specify when credentials should be sent to using the ICredentialPolicy interface. If you are running in a system service, prompting the user is not really applicable.
  5. If ISA Firewall Client is installed and enabled, advise users of your application to correct (remove) IE settings for the proxy server.  This will allow all requests to go through the Firewall Client (which will handle authentication for you automatically).  If the user is unwilling to do this, then the user should disable the proxy for your application through a config file.

For a great read on how the System.Net Proxy objects work, take a look at this article that was written by Durga Gorti (a former manager of mine).

Comments (2)

  1. Recently, a number of current and former System.Net team members have posted about various managed code network…

  2. codemutt says:

    Is there a way to make .NET NOT do automatic proxy discovery?

    My HTTP messages are being hijacked by the corporate proxy forced on all employees. If I can make .NET ignore the proxy, then my little test apps will be able to send messages where they need to be sent (the service) instead of to the proxy.