Jacek Nowak
Jacek Nowak

Reputation: 41

ASP.NET Web API - NTLM authentication and HTTPS

I have the following configuration:

  1. self-hosted ASP.NET Web API
  2. ASP.NET MVC 3 web application

Web app [2] comunicates with Web API [1] over HTTPS. They both (for now) live on the same machine.

Http binding for the Web API [1] is configured like that:

httpBinding.Security.Mode = HttpBindingSecurityMode.Transport; httpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;
httpBinding.TransferMode = TransferMode.Streamed

I cannot make it work using https AND ntlm authorization.

Why changing ONLY the transport protocol (from http to https) stops NTLM authentication from working?

Thanks for any help with that!

Upvotes: 4

Views: 3810

Answers (1)

jcwrequests
jcwrequests

Reputation: 1130

@Jacek Nowak I have run into the same problem myself and today I just came across the answer which is detailed in the following post.

Below is how I would code it up.

public class NTLMSelfHostConfiguration : HttpSelfHostConfiguration
{
    public NTLMSelfHostConfiguration(string baseAddress) : base(baseAddress) { }
    public NTLMSelfHostConfiguration(Uri baseAddress) : base(baseAddress) { }
    protected override BindingParameterCollection OnConfigureBinding(HttpBinding httpBinding)
    {
        httpBinding.Security.Mode = HttpBindingSecurityMode.TransportCredentialOnly;
        httpBinding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Ntlm;
        httpBinding.ConfigureTransportBindingElement = 
            element => element.AuthenticationScheme = 
                System.Net.AuthenticationSchemes.IntegratedWindowsAuthentication;
        return base.OnConfigureBinding(httpBinding);
    }
}


public static class Program()
{
    public static void main(string[] args)
    {
        var config = new NTLMSelfHostConfiguration("https://localhost/");            
        config.Routes.MapHttpRoute("Main",
                                    "api/{controller}");

        var server = new HttpSelfHostServer(config);

        server.OpenAsync().Wait();

        Console.WriteLine("Running");
        Console.ReadLine();

        server.CloseAsync().Wait();


    }
}

Upvotes: 2

Related Questions