I am sending a GET request to a server which expects NTLM authentication.

For that we set UseDefaultCredentials = true

var defaultHandler = new WebRequestHandler
{
  UseDefaultCredentials = true,
  CachePolicy = new HttpRequestCachePolicy(HttpRequestCacheLevel.NoCacheNoStore),
  AutomaticDecompression = DecompressionMethods.GZip,
  AllowAutoRedirect = true,
  UseCookies = true,
  CookieContainer = new CookieContainer()
};

Everything was working correctly until we decided to turn on Cache.

For that we changed our CachePolicy to CachePolicy = new HttpRequestCachePolicy(HttpRequestCacheLevel.Default)

With that change, the server started to respond with 401 - Unauthorized and sends the WWW-Authenticate: NTLM header alongside it.

Any ideas why setting the Cache changed the behavior?

Luis Filipe

1 Answer

The root cause of the problem was that the server was responding with

Cache-Control: private

Our HttpClient was caching that response, and thus the following negotiation step was being served from the cache instead of being requested from the server, resulting in the failure to authenticate.

We disabled caching on 401 responses. After a lot of reading, we decided to implement it as the Mozilla Developer Network states:

Cache-Control: no-cache, no-store, must-revalidate

Luis Filipe
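To check a server for the condition described in the answer above, the following added example (not code from the original posts) applies a simplified version of the RFC 9111 section 3 storage rules for a private cache to 401 challenges. The function names are hypothetical and the sample responses are constructed, not captured traffic.

```python
# Added example: simplified RFC 9111 section 3 storability check for a
# private (client-side) cache, applied to authentication challenges.

# Status codes that a cache may store without explicit cache headers.
HEURISTICALLY_CACHEABLE = {200, 203, 204, 206, 300, 301, 308, 404, 405, 410, 414, 501}


def parse_cache_control(value):
    """Return the Cache-Control directives as a dict of lowercase name -> argument."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"')
    return directives


def private_cache_may_store(status, headers):
    """True if a private cache is allowed to store this response."""
    headers = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(headers.get("cache-control", ""))
    if "no-store" in cc:
        return False
    # "private" (like "public", max-age or Expires) marks a response as
    # explicitly storable, even for a status such as 401.
    explicit = any(d in cc for d in ("public", "private", "max-age")) or "expires" in headers
    return explicit or status in HEURISTICALLY_CACHEABLE


def audit_challenges(responses):
    """Return the labels of 401 challenges that a private cache may store."""
    return [label for label, status, headers in responses
            if status == 401
            and "www-authenticate" in {k.lower() for k in headers}
            and private_cache_may_store(status, headers)]


# Constructed sample responses: (label, status, headers).
SAMPLES = [
    ("challenge, as in the question", 401,
     {"WWW-Authenticate": "NTLM", "Cache-Control": "private"}),
    ("challenge, after the fix", 401,
     {"WWW-Authenticate": "NTLM", "Cache-Control": "no-cache, no-store, must-revalidate"}),
    ("challenge, no cache headers", 401, {"WWW-Authenticate": "NTLM"}),
    ("normal page", 200, {"Cache-Control": "private, max-age=60"}),
]

if __name__ == "__main__":
    for label in audit_challenges(SAMPLES):
        print("storable 401:", label)
```

Only the first sample is flagged: the `private` directive makes the 401 explicitly storable by a client cache, while `no-store` forbids storing it.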