Using .NET HttpWebRequest class with SiteMinder you get a 403 or 401 error

Download Fiddler from and run this for an Internet Explorer browser session that successfully connects.


Then hit the same site with your .NET 2.0 client application and make sure you set the credentials in your code as well:  (Note you can set myCreds directly on the Credentials property of the HttpWebRequest object... no need for the Credential Cache object, but it will not hurt anything).


Compare the two traces in Fiddler in the Sessions Tab on the right side.  If the credentials are successfully passed you should see the 401 challenge from the site answered with the same Basic Authentication header (a base 64 encoded jumble of characters).  If they are the same then you are passing the credentials correctly so what could be the problem?


Using my post on http troubleshooting:



to simplify the issue you will see no Cookies in the failed case.  What is going on?


The .NET classes do not implement a cookie container by default and if you wish to use cookies, you need to provide a cookie container.  You may want to make this container global to your app or simply local to the function (this is your design decision).  Here is the documentation:


Implement the container and use Fiddler once again if it does not work to ensure the successful and failed cases send the exact same data (hint they do not send the same headers and data if this fails still).


Comments (0)

Skip to main content