So I recently had to help one of my friends who had some problems calling a web method on a secure web service. He was running on NETCF 1.0 and kept getting a “401, Unauthorized error” even though he supplied the right credentials. It did not take us long to figure out that the web service required clients to be authenticated using the NTLM authentication mechanism. As most folks are probably aware, the .NET Compact Framework version 1.0 http client only supported Basic and Digest authentication (this limitation is no longer present in Version 2.0 of the compact framework) and if your web service required either NTLM (Windows authentication) or Kerberos authentication, it always resulted in a “401, Unauthorized” error at run time. You can work around this problem in 2 ways:

  •  Enable digest or basic authentication on the server as both are supported by NETCF. This assumes you have control over the server.

  • Implement the client side authentication code within your application. This involves the use of the AuthenticationManager to register a custom module that implements the IAuthenticationModule interface. I do not think there are many examples that show how this can be done.

Well so in my friend’s case he did not have any control over the server so there was no way for him to change the authentication mechanism required on the server so we had to resort to the second work around. I dug up some old emails and I saw some sample code that demonstrate how this can be done.
I will like to give credit to Jeffery Paul from Microsoft for the code I use in this series.

So basically here is the gist of how this is accomplished:
We have a native dll that performs the NTLM authentication. A class that implements the IAuthenticationModule P/Invokes to this native dll.
Using the AuthenticationManager class I can then register my class which performs the actual authentication.

Since there is quite a bit of code necessary to accomplish this I will break this task into 3 posts

  •  I will provide the C++ code for the native dll in part 2 of this post.

  • The class that implements IAuthenticationModule and P/Invokes into the native dll in part 3 of this post

  • And finally a example that demonstrate this in action in part 4 of this post.