Note: Advice in this article will only work for DotNetBrowser 1.
See the corresponding article for DotNetBrowser 2 here.

Since DotNetBrowser 1.9 you can configure HTTP server authorization whitelist that represents a string with comma/semicolon separated list of URLs. This feature allows you to use Integrated Windows authentication(IWA) and Kerberos authentication for the listed domains. 

With IWA, Chromium can authenticate the user to a web server or proxy without even prompting the user for a username or password. It does this by using cached credentials which are established when the user initially logs in to the machine that the browser is running on. IWA is supported for Negotiate and NTLM challenges only.

ServerWhiteList specifies which servers should be whitelisted for integrated authentication. By default, integrated authentication is only enabled when there is an authentication challenge from a proxy or from a server which is in this permitted list. If this list is not set, Chromium engine will try to detect if a server is on the Intranet and only then will it respond to IWA requests. If a server is detected as Internet, then IWA requests from it will be ignored.

DelegateWhiteList specifies the servers that Chromium may delegate to. If this list is not set, Chromium will not delegate user credentials even if a server is detected as Intranet.

If you specify multiple server names in the lists, separate them with commas. Wildcards (*) are allowed.


Let’s assume that IIS is running on The NTLM/Negotiate authentication was enabled for the server.

By default, the server responds with 401 Unauthorized. After adding to the whitelists, authentication passes without any additional requests.

browser.Context.NetworkService.ServerWhiteList = "";
browser.Context.NetworkService.DelegateWhiteList = "";