Reputation: 3
AspNetCore WebApp not passing users windows credentials to API
I'm building a simple AspNetCore Balzor server app that calls an endpoint of an AspNetCore web Api. Both are hosted in IIS on a windows server.
When I run the website via IIS Express locally (pointing at the api on our windows server) everything thing works as expected. If I launch the hosted website, I get "HHTP Error 401.2 - Unauthorized".
This leads me to believe it is a double hop issue, but I really don't know how to resolve it.
Can anyone point me in the right direction?
This is the set up
- Both have IIS Authentication set to "Windows Authentication" on the server.
- Both have "builder.Services.AddAuthentication(NegotiateDefaults.AuthenicationScheme) in Program.cs.
These are the basic tests I've done
Call the end point directly from a browser
Added my windows user name & password directly into the CredentialCache, it returns the data.
var cache = new CredentialCache(); cache.Add(url, "Negotiate", new NetworkCredential("username", "password")); var handler = new HttpClientHandler() { Credentials = cache, PreAuthenticate = true }; var httpClient = new HttpClient(handler) { Timeout = new TimeSpan(0, 0, 10) }; var response = await httpClient.GetAsync(url);
UPDATE: This is from the HTTP Error 401.2 - Unauthorized Detailed Error Information
Module: UrlAuthorizationModule
Notification: AuthorizedRequest
Handler: aspNetCore
Error Code: 0x80070005
Request URL:http://servername.com:port/endpoint
Logon Method: Negotiate
Logon User: domain*servername*$
Upvotes: 0
Views: 218
Answers (1)
Reputation: 16029
I created a web api and choosing windows auth as the Authentication Type using the template in vs2022. And created another blazor server app in .net 7 which choosing Windows Auth as well when creating.
I had code below in the blazor server app to call the API which worked well both in local side and publishing to IIS. Only difference is that in IIS I need to enable windows authentication and disable allow anonymous.
@inject IHttpClientFactory ClientFactory
<div>@res</div>
@code {
private string res;
protected override async Task OnInitializedAsync()
{
forecasts = await ForecastService.GetForecastAsync(DateOnly.FromDateTime(DateTime.Now));
var request = new HttpRequestMessage(HttpMethod.Get,
// "https://localhost:7244/WeatherForecast");
"http://localhost:8098/WeatherForecast");
// var client = ClientFactory.CreateClient();
var httpClient = new HttpClient(new HttpClientHandler { UseDefaultCredentials = true });
var response = await httpClient.SendAsync(request);
if (response.IsSuccessStatusCode)
{
res = await response.Content.ReadAsStringAsync();
}
}
}
Upvotes: 0
Related Questions
- IIS Express gives Access Denied error when debugging ASP.NET MVC
- How to fix error "ANCM In-Process Handler Load Failure"?
- ASP.NET MVC on IIS 7.5 - Error 403.14 Forbidden
- Blazor webassembly use API from http.sys with windows authentication results in unauthorized
- wsHttpbinding with TransportWithMessageCredential and windows authentication
- How to change authenticate method on IIS 7?