0

I'm trying to figure out if it is and how possible to initiate a connection with Authorization that avoids getting a 401 back from the server on the initial call.

According to the RFC (https://www.ietf.org/rfc/rfc4559.txt, end of section 4.2), the client should be able to send, with the initial request, an Authorization header containing a token, but for me that doesn't work. I've tried sending the same token (seems to be always the same) that is usually sent as a response to the first 401, but no luck.

Is there something in the configuration that needs to be changed to allow such behavior or do I need a different token?

Damir Porobic
  • 681
  • 1
  • 8
  • 21
  • 401 may be because no credentials were passed, you can check the documentation.https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/selecting-a-credential-type?redirectedfrom=MSDN#negotiation-model-of-service-credentials – Lan Huang Jul 19 '22 at 03:20
  • The 401 is just to challenge the caller to pick a Authorization, Negotiate or NTLM, after that they caller and server just setup the communication as usual. I'm looking for a way to tell the server right away what Authorization I want without being challenged with 401 in the initial step. – Damir Porobic Jul 19 '22 at 05:43
  • Maybe you can use [PrincipalPermissionAttribute](https://learn.microsoft.com/en-us/dotnet/framework/wcf/how-to-restrict-access-with-the-principalpermissionattribute-class) class to restrict access. https://www.blinkingcaret.com/2016/03/02/wcf-security-survival-guide-part-2-authorization/ – Lan Huang Jul 19 '22 at 09:58

0 Answers0