I have a web application which is hosted in IIS 7.5 on Windows Server 2008 R2 and on another test machine in IIS 8.5 on Windows Server 2012 R2. Windows Authentication is enabled and the Application Pool is running under a service account like "DomainName\DomainUsername".

I'm using a small C# Console test application to instantiate an HttpClient object and call a controller action of the website, e.g. http://localhost/Api/TestAction. Both test systems behave differently and I do not understand why.

  • Test Case 1) without credentials
  • Test Case 2) with "default credentials"
  • Test Case 3) with the credentials of the user of the app pool ("DomainName\DomainUsername")

TestCase 1:

```csharp
HttpClient client = new HttpClient();
var response = client.GetAsync(url).Result;
Console.WriteLine(response.StatusCode);
```

TestCase 2:

```csharp
HttpClientHandler handler = new HttpClientHandler();
handler.UseDefaultCredentials = true;
HttpClient client = new HttpClient(handler);
var response = client.GetAsync(url).Result;
Console.WriteLine(response.StatusCode);
```

TestCase 3:

```csharp
HttpClientHandler handler = new HttpClientHandler();
handler.Credentials = new NetworkCredential(username, password);
HttpClient client = new HttpClient(handler);
var response = client.GetAsync(url).Result;
Console.WriteLine(response.StatusCode);
```

Here are the results:

Windows Server 2008 R2 (IIS 7.5):

  • Test Case 1 - Unauthorized
  • Test Case 2 - OK
  • Test Case 3 - Unauthorized

Windows Server 2012 R2 (IIS 8.5):

  • Test Case 1 - Unauthorized
  • Test Case 2 - OK
  • Test Case 3 - OK

Could you please help me to understand why both test systems give different results for Test Case 3 (using credentials of the app pool user)? And could you please explain what "UseDefaultCredentials" means and what impact this has on the authorization issue? So far I haven't found an explanation that I understand.

Thanks!

Delerium
  • There is something strange about your code: You are calling GetAsync method without implementing the request completion handler. In general, your response object will be in undefined state until request is processed. If you look at the method description at MSDN, it explicitly states: "This operation will not block. The returned task object will complete after the whole response (including content) is read." If you do not want to deal with the request completion handler, you can use webClient.DownloadData instead. It is a synchronous operation that doesn't require a completion handler. – Victor Havin Feb 14 '17 at 21:12
  • @VictorHavin: by referring to `Result` of the async call, he makes it sync and gets the result of the async task. No need for any completion handlers then. – Wiktor Zychla Feb 14 '17 at 22:01
  • @Delerium: could you please verify what happens if you call the `NetworkCredential` constructor with three arguments rather than two, the third one being the domain name? – Wiktor Zychla Feb 14 '17 at 22:07
  • @Wiktor: Thanks for that good hint. In my previous tests I have always called it like `NetworkCredential("Domain\Username", "Password")`. But when I call it like `NetworkCredential("Username", "Password", "Domain")` this seems to work also on the 2008 machines. I will do some further testing now. – Delerium Feb 15 '17 at 09:10
  • @Delerium: it sounds like this is a possible answer to your question then. Drop a line later, I will repost this previous comment as an answer if this really solves your issue. – Wiktor Zychla Feb 15 '17 at 13:24
  • @Wiktor: Yes, this solved my problem. Thanks. – Delerium Feb 17 '17 at 07:13

1 Answer

An answer accepted by the OP in the discussion below the question involves calling the `NetworkCredential` constructor with three arguments rather than two, the third one being the domain name.

In other words, this one works

```csharp
new NetworkCredential("Username", "Password", "Domain")
```

where this one doesn't

```csharp
new NetworkCredential(@"Domain\Username", "Password")
```
Wiktor Zychla
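The fix from the answer above, as an added example that is not part of the original posts: it splits a `DOMAIN\user` string into the three-argument form and binds the credential to one URI prefix through a `CredentialCache`. The names `WindowsAuthClient`, `ToCredential` and `Create` are hypothetical, and the password is a constructed placeholder.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;

static class WindowsAuthClient
{
    // Turns "DOMAIN\user" into NetworkCredential(user, password, domain).
    // A bare user name is passed through with an empty domain.
    public static NetworkCredential ToCredential(string account, string password)
    {
        int slash = account.IndexOf('\\');
        if (slash <= 0 || slash == account.Length - 1)
            return new NetworkCredential(account, password);
        return new NetworkCredential(account.Substring(slash + 1), password,
                                     account.Substring(0, slash));
    }

    // Registers the credential for one URI prefix and for the Negotiate and
    // NTLM schemes only. The cache returns nothing for other prefixes or for
    // a Basic challenge, whereas a bare NetworkCredential assigned to
    // handler.Credentials is returned for any URI and any scheme.
    public static HttpClient Create(Uri baseUri, NetworkCredential credential)
    {
        var cache = new CredentialCache();
        cache.Add(baseUri, "Negotiate", credential);
        cache.Add(baseUri, "NTLM", credential);
        var handler = new HttpClientHandler { Credentials = cache };
        return new HttpClient(handler) { BaseAddress = baseUri };
    }

    static async Task Main()
    {
        // Constructed sample values; load the real password from a secret store.
        var credential = ToCredential(@"DomainName\DomainUsername", "placeholder-password");
        Console.WriteLine($"user={credential.UserName} domain={credential.Domain}");

        using (var client = Create(new Uri("http://localhost/"), credential))
        {
            var response = await client.GetAsync("Api/TestAction");
            Console.WriteLine(response.StatusCode);
        }
    }
}
```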