Much of the software I use on a day-to-day basis requires a HTTP connection to the Internet. Unfortunately, not all of this software includes reliable Web proxy support for Windows Authentication (NTLM). Whilst many people are connecting to the Internet from networks without proxy servers, I'm often connecting from corporate networks through Microsoft ISA Server.
Here is some advice for anyone writing software that uses that needs uses the Internet:
- Include proxy support in your application. You'll not believe how many applications get un-installed because they don't support proxy servers.
- Ensure that your proxy supports auto-configuration (.pac) files. If you don't go this far make it clear how the proxy host name should be specified, whether to include "http://" at the beginning and what port number to use.
- Provide support for various authentication mechanisms. Many corporate networks use NTLM authentication. If your application runs on the Microsoft CLR you have support for this authentication with the CredentialCache class. Native applications can use the support available in WinInet or the more recent WinHttp. The latter includes a proxy configuration tool to make life a little easier.
- Respect user credentials. If a user has to explicitly provide their NT logon credentials to your application make sure to store them securely.
- When requests fail provide useful error messages and server names to the user. This will help them figure out how to make connections work. A lot of times setup is a process of trial and error for users who aren't provided information by network administrators.