Lately I have been working on a solution that would allow .rdlc files from an ASP.NET Webforms page to display images that are stored in a SharePoint On-Premises server that runs separately from the company's intranet website. Before SharePoint was added to the domain, older .rdlc files' pictures were loaded by impersonating a dummy user (hardcoding their username and password into a static C# variable that utilizes the advapi32 library) to view files in an SMB network share.
I initially looked into using the SharePoint REST API to retrieve the data. Following the official documentation, I intended to utilize an HttpWebRequest with an OAuth or Bearer token, but then I wondered if it would be possible to use NTLM to authenticate users with a WebClient. Wrongly assuming NTLM would work by tapping into the credentials of the user logged into the client computer, the solution I came up with was as follows:
using System;
using System.Data;
using System.Net;
...
protected void ProcessedImageBytes(string uri, DataTable picturesTable)
{
byte[] imageBytes;
using (var webClient = new WebClient())
{
webClient.Credentials = CredentialCache.DefaultCredentials;
// The uri variable is just the link to the SharePoint file.
imageBytes = webClient.DownloadData(uri);
}
DataRow newRow = picturesTable.NewRow();
newRow["PictureBytes"] = Convert.ToBase64String(imageBytes);
picturesTable.Rows.Add(newRow);
}
From here, the program takes the DataRow text and supplies it to a ReportDataSource for the report itself.
What I did not understand was that CredentialCache.DefaultCredentials actually looks into the host computer's identity and authorizes the WebClient from there. This meant that during my testing, running this report from my PC, the report loaded as intended because the identity was set to my profile and I had access to the SharePoint folder, but the identity used by the host server of the website was NT AUTHORITY\NETWORK SERVICE, as I discovered by writing WindowsIdentity.GetCurrent() into the code for the live page.
As of now, I am unsure which direction to go. I would like to allow our system to display images from SharePoint links using NTLM, but it seems the only way to do this is to once again write the username and password of the required user directly into the C# code. Many of the solutions I read about are catered to SharePoint Online using Azure AD and/or Microsoft Graph, which I do not have at my disposal.
Any help at all would be greatly appreciated. Thank you!!