Using fiddler with Windows Authentication

Question

I am testing some proxy settings for our application but I need to test a proxy that requires Windows Authentication (or network credentials).

For testing, I assigned the credential of the proxy to the network credentials

System.Net.WebProxy proxy = new System.Net.WebProxy("127.0.0.1", 8888);
proxy.Credentials = System.Net.CredentialCache.DefaultNetworkCredentials;
//proxy.Credentials = new System.Net.NetworkCredential("1", "1");
System.Net.WebRequest.DefaultWebProxy = proxy;

Currently, I use Fiddler with the Require Proxy Authentication rule turned on. How can I configure Fiddler so I can use the Windows credentials instead of the default "1" / "1" credentials?

Answer 1

In Fiddler 4.6 I can turn on "Automatically Authenticate" under Composer -> Options. My WebAPI hosted in IIS using Windows Authentication is then successfully called. You can see three requests in the log for a single call.

1. HTTP/1.1 401 Unauthorized Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/10.0 WWW-Authenticate: Negotiate WWW-Authenticate: NTLM

2. HTTP/1.1 401 Unauthorized Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 WWW-Authenticate: Negotiate oYIBDTCCAQ... Date: Mon, 18 Jan 2016 09:38:22 GMT Content-Length: 341

3. HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Expires: -1 Server: Microsoft-IIS/10.0 X-AspNet-Version: 4.0.30319 Persistent-Auth: true WWW-Authenticate: Negotiate oRsw... Date: Mon, 18 Jan 2016 09:38:22 GMT Content-Length: 4

Answer 2

You cannot easily do this with Fiddler; you'd need to calculate the credential challenge yourself and add the challenge in a response header after returning a HTTP/407 response with a Proxy-Authenticate: Negotiate header.

In contrast, BASIC authentication is easily supported with a single response header, which is how Fiddler's "Require Proxy Authentication" feature works.

Answer 3

WebMarshal is a web proxy that runs on windows. It can be configured to use Basic Authentication and NTLM Authentication. You can download a free trial.