UWP send default credentials domain account results in 401

Question

I have the exact same problem as described here: Using Default Credentials in System.Net.HttpClient request in UWP

I am logged in to a domain. In my UWP app I want to use the domain credentials as authentication to the SharePoint. I have tried the same steps as described in the URL above. It does work setting the credentials in de code, but that is not what I want.

Sample code that I tried.

var handler = new HttpClientHandler();
handler.UseDefaultCredentials = true;

var server = "{ServerUrl}";

using (var client = new HttpClient(handler))
{
     var responseMessage = await client.GetAsync(server, system.Net.Http.HttpCompletionOption.ResponseHeadersRead).ConfigureAwait(false);
     var responseData = await responseMessage.Content.ReadAsByteArrayAsync();
     responseData.ToArray();
}

This is always returning a 401 error.

Some extra info: It also does work using PowerShell and executing the following command: Invoke-WebRequest -Method GET -Uri "{ServerUrl}" -UseDefaultcredentials. then it returns a 200 status code.

Anybody got an idea?

EDIT: Creating a new Windows 8.1 app and using the code above does work (same as in URL above). What are the differences between those?

EDIT2: When looking in Fiddler I see te following: using the Windows 8.1 app: picture First it sends a request with header WWW-Authenticate: NTLM then it sends another request with the same header but then with a token. After that request it returns a 200 code.

using the UWP app: picture In UWP it only sends the request with WWW-Authenticate: NTLM. Then it doesn't do anything.

I also found this: https://github.com/dotnet/corefx/issues/9234 and https://github.com/dotnet/corefx/issues/27672 which is the same issue. That issue is forwarded to this one: https://github.com/dotnet/corefx/pull/28105 and should be in .NET Core 2.1 (which is not out yet, Q2). How is that supposed to work in UWP, what do I have to do for it?

EDIT 3: After setting UseDefaultCredentials = true it immediately sets it back to false. => https://github.com/dotnet/corefx/blob/f71c9d72cb776018147992ea0de8e08a440c4a4a/src/System.Net.Http/src/uap/System/Net/HttpClientHandler.cs#L183

FINAL EDIT: Oke, as the first link described, setting an URL for the local intranet sites did work. First I didn't know what they ment by this. After some research I found this link: https://technet.microsoft.com/en-us/library/dd572939(v=office.13).aspx#Anchor_0 After setting the url I was able to authenticate using domain credentials. I didn't have to set any properties on the handler. Just Enterprise authentication as capability. This clears a lot of things for me and should work in a well controlled intranet environment (I was on VPN and Domain where I didn't had the control of).

did you enable the Entperise Authentication capability in your manifest? — Dave Smits, Apr 18 '18 at 08:31
Yes, like I said I did the exact same things as described in the link. Could this be a setting in the SharePoint? — mmarkvoort, Apr 18 '18 at 08:36
I tested the above code snippet, but cannot reproduce your issue. Is your sharepoint deployed on local server? Check fiddler for more details. — Sunteen Wu, Apr 20 '18 at 09:26
@SunteenWu-MSFT The server is not a local server. See updated post for more. — mmarkvoort, Apr 20 '18 at 13:17

UWP send default credentials domain account results in 401

0 Answers0