Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HttpClient on non-Windows does not support Windows authentication #17649

Closed
lextm opened this issue Jun 18, 2016 · 3 comments
Closed

HttpClient on non-Windows does not support Windows authentication #17649

lextm opened this issue Jun 18, 2016 · 3 comments
Labels
area-System.Net os-linux Linux OS (any supported distro)
Milestone
1.1.0

Comments

@lextm
Copy link

lextm commented Jun 18, 2016

The following code snippet works fine on Windows (.NET Framework), and can authenticate against an IIS web service configured with Windows authentication only. Status code is 200.

            using (var client = new HttpClient (
                new HttpClientHandler {
                    PreAuthenticate = true,
                    UseDefaultCredentials = false,
                    UseProxy = false,
                    Credentials = new NetworkCredential ("user", "pass", "domain")
                })) {
                client.BaseAddress = new Uri ("http://test.com");
                client.DefaultRequestHeaders.Accept.Clear ();
                client.DefaultRequestHeaders.Accept.Add (new MediaTypeWithQualityHeaderValue ("application/json"));

                HttpResponseMessage response = await client.GetAsync ("test/values");
                if (response.IsSuccessStatusCode) {
                    Console.WriteLine (await response.Content.ReadAsStringAsync ());
                } else {
                    Console.WriteLine (response.StatusCode);
                }
            }

However, when it runs in a .NET Core RC2 app on Mac, the response status code is always 401. By capturing packets via Wireshark, no user credentials are sent. (if disable Windows authentication and enable Basic authentication, then it works with 200 status code and user credentials in packets.)

So I think the cross platform Windows authentication support is not yet fully implemented. Is there a plan to address this?
@stephentoub
Copy link
Member

If you mean NTLM, the support is there, but in RC2 you need to explicitly opt-in to using it, e.g. using a CredentialCache that includes the NetworkCredential added for "NTLM" rather than just the NetworkCredential. Post-RC2, you shouldn't need to do that.

If you mean Negotiate, some gss API implementations only consider Kerberos, while others fallback to NTLM if Kerberos can't be negotiated. HttpClient uses libcurl on Linux and OSX, and libcurl uses some gssapi implementation to provide that support, so depending on which yours is using, it may or may not support that fallback. Kerberos should work, but Kerberos on Linux and OSX requires special configuration in general (you can search the net for info on configuring your system).

@lextm
Copy link
Author

lextm commented Jun 18, 2016

@stephentoub Thanks for the hint of "explicitly opt-in". Didn't know this is an RC 2 limitation. Will do more experiments and close this issue.

@ericeil
Copy link
Contributor

ericeil commented Jun 22, 2016

Closing this, since it's already fixed post-RC2. @lextm, feel free to reopen this issue if this doesn't work for you.

@ericeil ericeil closed this as completed Jun 22, 2016
@msftgits msftgits transferred this issue from dotnet/corefx Jan 31, 2020
@msftgits msftgits added this to the 1.1.0 milestone Jan 31, 2020
@ghost ghost locked as resolved and limited conversation to collaborators Dec 30, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area-System.Net os-linux Linux OS (any supported distro)
Projects
None yet
Milestone
1.1.0
Development

No branches or pull requests
4 participants
@lextm @stephentoub @ericeil @msftgits