2

I have an HTTPS .NET core REST web service deployed on 2 servers which are hosted behind an F5 load balancer. When I invoke a REST method using powershell (Invoke-RestMethod with option -UseDefaultCredentials) directly on one of the servers I observe the following traffic in fiddler.

  1. Response 401 telling me to authenticate myself.
  2. Request re-sent with Kerberos token in header to authenticate.
  3. Response 200 from the REST method.

However when I pass by the F5 load balancer I receive the indentical 401 but the powershell never then resends the request with the Kerboros token. This is really baffling as the response (step 1) is exactly the same in the two cases (see below).

HTTP/1.1 401 Unauthorized
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
WWW-Authenticate: Kerberos
WWW-Authenticate: NTLM
WWW-Authenticate: Basic
Date: Wed, 22 Nov 2017 08:11:02 GMT

Note that if I perform the same two calls in a browser, then there is no problem when using the F5. The issue would therefore point to the powershell implementation of Invoke-RestMethod. Is there an option I should be using for this to work? Please find the powershell calls below:

Direct: Invoke-RestMethod -Uri https://myserver.domain.com:9999/MyPath/Id/21 -UseDefaultCredentials

Via F5: Invoke-RestMethod -Uri https://myserver-f5.com/MyPath/Id/21 -UseDefaultCredentials
Mr Davies
  • 569
  • 6
  • 16
  • any log messages on IIS? I asked a colleague more familiar with authentication than I am and he thinks the issue might be with the integrated windows authentication configuration, mainly that https://myserver.domain.com:9999 is allowed for WA but https://myserver-f5.com is not. – Jason Rahm Nov 30 '17 at 13:52

0 Answers0