How can I use Windows Authentication with Microsoft.Rest.ServiceClient

Question

I have a Microsoft.Rest.ServiceClient generated with autorest. And I want to access a REST API secured with Windows Authentication and Basic Authentication.

The goal is to use Windows Authentication. I tried it as follows:

var handler = new HttpClientHandler
{
    UseDefaultCredentials = true,
};
this.InitializeHttpClient(handler);

This does not work, I get:

System.Net.Http.HttpRequestException: An error occurred while sending the request. 
---> System.Net.WebException: The remote server returned an error: (401) Unauthorized. 
---> System.ComponentModel.Win32Exception: The target principal name is incorrect

When I use Basic Authentication it works.

this.Credentials = new BasicAuthenticationCredentials
{
    UserName = Configuration.User,
    Password = Configuration.Password
};

This setup of the ServiceClient is done in the constructor of

MyClient : Microsoft.Rest.ServiceClient

What do I need to add to the client to get Windows Authentication working?

Edited:

It looks like the problem is on server side. Settings in IIS.

The client would work as expected.

Is the process running under your Windows principal or another account? — haim770, May 08 '18 at 12:25
I tried both, but as mentioned in the question, the client woks correct. — Heiner, May 09 '18 at 14:46

score 3 · Answer 1 · answered May 18 '18 at 17:17

This basically reiterates what's already covered in the OP and by @Anders, in my preferred syntax...

 var windowsAuthHandler = new HttpClientHandler { UseDefaultCredentials = true };
 var webApiUri = new System.Uri("https://localhost:8080");
 var apiClient = new MyAutoRestClient(webApiUri ,windowsAuthHandler);

If you're skimming, the OP seems to indicate this doesn't work, when, indeed it does. But, as the OP later states, be sure to start with IIS to make sure it's configured right

score 0 · Answer 2 · answered Apr 30 '18 at 12:12

I use a similar solution for passing on Windows credentials, and it works nicely. The only difference is that I use the constructor overload of ServiceClient that takes a HttpClientHandler instance, rather than calling InitializeHttpClient() and it looks something like this:

public class MyClient : ServiceClient<MyClient>
{
    public MyClient() : base(new HttpClientHandler { UseDefaultCredentials = true }) {}
}

However, the part of your 401-message that says "The target principal name is incorrect" looks suspicious. Your problem may arise from some issues in your AD-configuration rather than in the ServiceClient-configuration.

Mertuarez · Answer 3 · 2020-03-29T15:19:46.410

@bkwdesign has right

var credentials = new Microsoft.Rest.BasicAuthenticationCredentials();
var handler = new System.Net.Http.HttpClientHandler() { UseDefaultCredentials = true };
var uri = new Uri("http://your-rest-api:8008");
var svc = new WebApplication1Client(uri, credentials, handler);

//WebApplication1Client : ServiceClient<WebApplication1Client>, IWebApplication1Client

This is the way how to pass credentials from MVC to WebAPI Windows Authentication or impersonate credentials

Maybe other options:

var handler = new HttpClientHandler() { Credentials = CredentialCache.DefaultCredentials };
var handler = new HttpClientHandler() { Credentials = CredentialCache.DefaultNetworkCredentials };

How can I use Windows Authentication with Microsoft.Rest.ServiceClient

3 Answers3

Linked