AuthenticationManager.CredentialPolicy 属性


获取或设置凭据策略,该凭据策略将用于使用 HttpWebRequest 类发出的资源请求。Gets or sets the credential policy to be used for resource requests made using the HttpWebRequest class.

 static property System::Net::ICredentialPolicy ^ CredentialPolicy { System::Net::ICredentialPolicy ^ get(); void set(System::Net::ICredentialPolicy ^ value); };
public static System.Net.ICredentialPolicy CredentialPolicy { get; set; }
member this.CredentialPolicy : System.Net.ICredentialPolicy with get, set
Public Shared Property CredentialPolicy As ICredentialPolicy


一个实现 ICredentialPolicy 接口的对象,该接口确定凭据是否随请求一起发送。An object that implements the ICredentialPolicy interface that determines whether credentials are sent with requests. 默认值为 nullThe default value is null.


下面的代码示例演示如何设置凭据策略。The following code example demonstrates setting the credential policy.

static void UseIntranetCredentialPolicy()
   IntranetZoneCredentialPolicy^ policy = gcnew IntranetZoneCredentialPolicy;
   AuthenticationManager::CredentialPolicy = policy;
 public static void UseIntranetCredentialPolicy()
    IntranetZoneCredentialPolicy  policy = new IntranetZoneCredentialPolicy();
    AuthenticationManager.CredentialPolicy = policy;


凭据策略确定是否在发送网络资源(如网页的内容)的请求时发送凭据。The credential policy determines whether to send credentials when sending a request for a network resource, such as the content of a Web page. 如果发送了凭据,则需要客户端身份验证的服务器可以尝试在收到请求时对客户端进行身份验证,而不是发送指示需要客户端凭据的响应。If credentials are sent, servers that require client authentication can attempt to authenticate the client when the request is received instead of sending a response indicating that the client's credentials are required. 尽管这会将往返过程保存到服务器中,但这必须与通过网络发送凭据的固有安全风险相平衡。While this saves a round trip to the server, this must be balanced against the security risk inherent in sending credentials across the network. 当目标服务器不需要客户端身份验证时,最好不要发送凭据。When the destination server does not require client authentication it is best to not send credentials.

只会为指定凭据的请求调用凭据策略,或使用指定凭据的 WebProxy 对象。The credential policy will be called only for requests that specify credentials or use a WebProxy object that specifies credentials.