Support proxy servers in your applications

Much of the software I use on a day-to-day basis requires a HTTP connection to the Internet. Un­for­tu­nate­ly, not all of this software includes reliable Web proxy support for Windows Au­then­ti­ca­tion (NTLM). Whilst many people are connecting to the Internet from networks without proxy servers, I'm often connecting from corporate networks through Microsoft ISA Server.

Here is some advice for anyone writing software that uses that needs uses the Internet:

  • Include proxy support in your ap­pli­ca­tion. You'll not believe how many ap­pli­ca­tions get un-installed because they don't support proxy servers.
  • Ensure that your proxy supports auto-con­fig­u­ra­tion (.pac) files. If you don't go this far make it clear how the proxy host name should be specified, whether to include "http://" at the beginning and what port number to use.
  • Provide support for various au­then­ti­ca­tion mechanisms. Many corporate networks use NTLM au­then­ti­ca­tion. If your ap­pli­ca­tion runs on the Microsoft CLR you have support for this au­then­ti­ca­tion with the Cre­den­tial­Cache class. Native ap­pli­ca­tions can use the support available in WinInet or the more recent WinHttp. The latter includes a proxy con­fig­u­ra­tion tool to make life a little easier.
  • Respect user cre­den­tials. If a user has to explicitly provide their NT logon cre­den­tials to your ap­pli­ca­tion make sure to store them securely.
  • When requests fail provide useful error messages and server names to the user. This will help them figure out how to make con­nec­tions work. A lot of times setup is a process of trial and error for users who aren't provided in­for­ma­tion by network ad­min­is­tra­tors.

Tagged with authentication, ntlm and webproxy.