Building a CredentialCache for HttpWebRequest.Credentials when redirects are uknown

I recently asked a question concerning NetworkCredential and HttpWebRequest.Credentials when a server returns redirects. I determined that building a CredentialCache of NetworkCredential instances works for my scenario. Now I have a temporary method that builds a CredentialCache with all of the domain names hard coded in. It worked, which is great.

        CredentialCache cache = new CredentialCache();
        cache.Add(new Uri("http://example.com"), "Negotiate", loginCredentials);
        cache.Add(new Uri("http://redirected.example.com"), "Negotiate", loginCredentials);
        request.Credentials = cache;

Now, I need to make this more flexible. The whole idea of the redirects is for load balancing on the server. The client won't know exactly where it'll get redirected to until the call to HttpWebRequest.GetResponse(). What is the preferred method to building the CredentialCache to include each redirected serv开发者_Go百科er as they are encountered? Also, what is the rational behind making this so difficult? Why can't a single NetworkCredentials instance satisfy HttpWebRequest.Credentials for each redirect? Does it introduce security vulnerabilities to reuse credentials across redirects?

Thanks.

I used the code and got 401 error (SharePoint 2010 OOB Web Services). Then checked in some other site and tried "NTLM" instead of "Negotiate" in the below line. It's working fine now.

Not Working:

cache.Add(new Uri(myProxy.Url), "Negotiate", new NetworkCredential("UserName", "Password", "Domain"))

Working:

cache.Add(new Uri(myProxy.Url), "NTLM", new NetworkCredential("UserName", "Password", "Domain"))

Nate,

I see you are using "negotiate", so why don't you use

CredentialCache.DefaultNetworkCredentials or CredentialCache.DefaultCredentials

for all the redirects?

From MSDN:

The credentials returned by the DefaultNetworkCredentials property is applicable only for NTLM, negotiate, and Kerberos-based authentication.

The credentials returned by DefaultNetworkCredentials represents the authentication credentials for the current security context in which the application is running. For a client-side application, these are usually the Windows credentials (user name, password, and domain) of the user running the application. For ASP.NET applications, the default network credentials are the user credentials of the logged-in user, or the user being impersonated.