AuthenticationManager.CredentialPolicy Property


Gets or sets the credential policy to be used for resource requests made using the HttpWebRequest class.

 static property System::Net::ICredentialPolicy ^ CredentialPolicy { System::Net::ICredentialPolicy ^ get(); void set(System::Net::ICredentialPolicy ^ value); };
public static System.Net.ICredentialPolicy? CredentialPolicy { get; set; }
public static System.Net.ICredentialPolicy CredentialPolicy { get; set; }
static member CredentialPolicy : System.Net.ICredentialPolicy with get, set
Public Shared Property CredentialPolicy As ICredentialPolicy

Property Value


An object that implements the ICredentialPolicy interface that determines whether credentials are sent with requests. The default value is null.


The following code example demonstrates setting the credential policy.

static void UseIntranetCredentialPolicy()
   IntranetZoneCredentialPolicy^ policy = gcnew IntranetZoneCredentialPolicy;
   AuthenticationManager::CredentialPolicy = policy;
 public static void UseIntranetCredentialPolicy()
    IntranetZoneCredentialPolicy  policy = new IntranetZoneCredentialPolicy();
    AuthenticationManager.CredentialPolicy = policy;


The credential policy determines whether to send credentials when sending a request for a network resource, such as the content of a Web page. If credentials are sent, servers that require client authentication can attempt to authenticate the client when the request is received instead of sending a response indicating that the client's credentials are required. While this saves a round trip to the server, this must be balanced against the security risk inherent in sending credentials across the network. When the destination server does not require client authentication it is best to not send credentials.

The credential policy will be called only for requests that specify credentials or use a WebProxy object that specifies credentials.

Applies to