CODEWITHSUNDEEP
iisasp.net-core-2.2
Eugen Kehl
Eugen Kehl

Reputation: 31

ASP.NET Core pass default credentials to HttpClient

How to pass DefaultCredentials in ASP.NET Core to the HttpClient?

It works fine when I run it locally in VisualStudio. The current user is authorized to request "www.mycompany.com". But as soon as I publish it to the IIS I get an 401 (Unauthorized) because HttpClient get the web-server-user (not authorized) in DefaultCredentials.

Windows-Authentification is active in VisualStudio and on IIS.

My c# code:

HttpClient Client = new HttpClient(new HttpClientHandler() { UseDefaultCredentials = true });
Client.BaseAddress = new Uri("www.mycompany.com");
Client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
Client.DefaultRequestHeaders.Add("Application-Name", Assembly.GetExecutingAssembly().GetName().Name);

HttpResponseMessage response = Client.GetAsync("/classes").Result;

EDIT

I understand that locally it runs with current user, but I don't know how to authorize the Application Pool...

EDIT2

I didn't quite explain it correctly. I want to pass-trough the authentication from the local user to the HttpClient. Only local users are authorized to make a request

Upvotes: 2

Views: 6077

Answers (2)

nttakr
nttakr

Reputation: 1697

There seems to be a difference in behavior between using WebClient and HttpClient.

Please try with WebClient. It seems to give the proper credentials to the child request in contrast to HttpClient which is not allowed to spawn a child thread while impersonated.

Upvotes: 0

Brando Zhang
Brando Zhang

Reputation: 27997

I understand that locally it runs with current user, but I don't know how to authorize the Application Pool...

As poke and lex says, if you hosted on the IIS, the DefaultCredentials will be the application pool identity not the user account.

If you want to know how to modify the application pool identity, I suggest you could follow below steps:

1.Open the IIS management console.

2.Select the application pool and advanced setting

enter image description here

3.Modify the application pool identity to use custom domain account.

enter image description here

Update:

If you want to use login in user credential to access other api, I could try to use Impersonation.

        var user = (WindowsIdentity)User.Identity;


        WindowsIdentity.RunImpersonated(user.AccessToken, () =>
        {
            var impersonatedUser = WindowsIdentity.GetCurrent();
            var message =
                $"User: {impersonatedUser.Name}\t" +
                $"State: {impersonatedUser.ImpersonationLevel}";

            //ViewBag.UseImper = message;

            HttpClient Client = new HttpClient(new HttpClientHandler() { UseDefaultCredentials = true });
            //Client.BaseAddress = new Uri("http://localhost:44331");
            Client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
            Client.DefaultRequestHeaders.Add("Application-Name", Assembly.GetExecutingAssembly().GetName().Name);

            var response = Client.GetAsync("http://127.0.0.1:44319/api/values").Result;

            int i = 0;

        });

Upvotes: 1

Related Questions