C#•13mo ago

Can't authenticate via NTLM from Linux Kestrel hosted ASP.NET API to IIS hosted ASP.NET API

Hi!
Context:
I am trying to authenticate and do a request on an API that is hosted via IIS and that uses NTLM authentication (Active Directory Username and Password)
The API im using to run the authentication + request is hosted on Red Hat Openshift (Linux) with Kestrel
RUN apk add --no-cache krb5-libs krb5
I have downloaded some krb5 libs through my docker, but have no idea if these are correct.

public HttpResponseMessage CMImport(List<CMImport> Imports)
{
    var client = NTLMHttpClient();
    var result = client.PostAsJsonAsync(_config["CMImport:importurl"], Imports).Result;
    if (result.StatusCode == HttpStatusCode.Unauthorized)
    {
        foreach (var header in result.Headers)
        {
            Console.WriteLine($"{header.Key}: {string.Join(", ", header.Value)}");
        }
    }
    else
    {
        Console.WriteLine("Request succeeded.");
    }

    return result;
}

private HttpClient NTLMHttpClient()
{
    var credentials = new NetworkCredential(_config["CMImport:username"], _config["CMImport:password"]);
    var handler = new HttpClientHandler
    {
        Credentials = credentials,
        ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => { return true; }
    };
    var client = new HttpClient(handler);
    return client;
}

public HttpResponseMessage CMImport(List<CMImport> Imports)
{
    var client = NTLMHttpClient();
    var result = client.PostAsJsonAsync(_config["CMImport:importurl"], Imports).Result;
    if (result.StatusCode == HttpStatusCode.Unauthorized)
    {
        foreach (var header in result.Headers)
        {
            Console.WriteLine($"{header.Key}: {string.Join(", ", header.Value)}");
        }
    }
    else
    {
        Console.WriteLine("Request succeeded.");
    }

    return result;
}

private HttpClient NTLMHttpClient()
{
    var credentials = new NetworkCredential(_config["CMImport:username"], _config["CMImport:password"]);
    var handler = new HttpClientHandler
    {
        Credentials = credentials,
        ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => { return true; }
    };
    var client = new HttpClient(handler);
    return client;
}

public HttpResponseMessage CMImport(List<CMImport> Imports)
{
    var client = NTLMHttpClient();
    var result = client.PostAsJsonAsync(_config["CMImport:importurl"], Imports).Result;
    if (result.StatusCode == HttpStatusCode.Unauthorized)
    {
        foreach (var header in result.Headers)
        {
            Console.WriteLine($"{header.Key}: {string.Join(", ", header.Value)}");
        }
    }
    else
    {
        Console.WriteLine("Request succeeded.");
    }

    return result;
}

private HttpClient NTLMHttpClient()
{
    var credentials = new NetworkCredential(_config["CMImport:username"], _config["CMImport:password"]);
    var handler = new HttpClientHandler
    {
        Credentials = credentials,
        ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => { return true; }
    };
    var client = new HttpClient(handler);
    return client;
}

public HttpResponseMessage CMImport(List<CMImport> Imports)
{
    var client = NTLMHttpClient();
    var result = client.PostAsJsonAsync(_config["CMImport:importurl"], Imports).Result;
    if (result.StatusCode == HttpStatusCode.Unauthorized)
    {
        foreach (var header in result.Headers)
        {
            Console.WriteLine($"{header.Key}: {string.Join(", ", header.Value)}");
        }
    }
    else
    {
        Console.WriteLine("Request succeeded.");
    }

    return result;
}

private HttpClient NTLMHttpClient()
{
    var credentials = new NetworkCredential(_config["CMImport:username"], _config["CMImport:password"]);
    var handler = new HttpClientHandler
    {
        Credentials = credentials,
        ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => { return true; }
    };
    var client = new HttpClient(handler);
    return client;
}

Im getting 401 unauthorized here, and the response headers look like this:

Transfer-Encoding: chunked
Server: Microsoft-IIS/10.0
WWW-Authenticate: Negotiate, NTLM
X-Powered-By: ASP.NET
Date: Wed, 11 Dec 2024 11:57:56 GMT

On a successful request, done from my computer to the IIS API in question, the response headers look like this:

content-type: application/json; charset=utf-8
date: Tue,10 Dec 2024 12:25:31 GMT
location: results
persistent-auth: true
server: Microsoft-IIS/10.0
transfer-encoding: chunked
www-authenticate: Negotiate <insert token here>
x-powered-by: ASP.NET

anybody know what im doing wrong? i suspect its something to do with me hosting in linux but idk.

Can't authenticate via NTLM from Linux Kestrel hosted ASP.NET API to IIS hosted ASP.NET API

Similar Threads

Similar Threads

Similar Threads