HttpClient 401 Unauthorized exception 'The system cannot contact a domain controller to service the authentication request.'
Found out that the loopback check was the issue: https://blogs.technet.microsoft.com/scottstewart/2014/09/15/disableloopbackcheck-when-routing-through-a-load-balancer-powershell-sample-included/ Requesting via server A's FQDN caused the error, but using its IP worked. Looking into setting up an SPN for server A to solve this issue now.
C# HttpClient Post with Authorization and JSON data - 401 Unauthorized
The HttpClient loses its headers on redirections.
So make sure that you use the correct API address. If your API doesn't allow insecure connections but you use "http://your-api-address.xy/" instead of "https://your-api-address.xy/", it will return a redirection and your client loses the headers.
HTTPClient getting two 401s before success (sending wrong token)
What you are experiencing is normal, this is how the NTLM authentication scheme works.
    1: C --> S   GET ...
    2: C <-- S   401 Unauthorized
                 WWW-Authenticate: NTLM
    3: C --> S   GET ...
                 Authorization: NTLM <base64-encoded type-1-message>
    4: C <-- S   401 Unauthorized
                 WWW-Authenticate: NTLM <base64-encoded type-2-message>
    5: C --> S   GET ...
                 Authorization: NTLM <base64-encoded type-3-message>
    6: C <-- S   200 Ok
- The client sends a GET request to the server.
- Since you need to be authenticated to access the requested resource, the server sends back a 401 Unauthorized response and notifies the client in the WWW-Authenticate header that it supports NTLM authentication. So this is where you get your first 401 response code.
- The client sends the domain name and the username to the server in the Authorization header. Note that based solely on this information the client cannot be authenticated yet.
- The server sends a challenge to the client. It's a randomly generated number called a nonce. This is where you get your second 401 response code.
- The client sends back a response to the server's challenge, using its password's hash to encrypt the random number.
- The server sends the client's username, the challenge sent to the client and the response received from the client to the domain controller. Using the username the domain controller retrieves the hash of the user's password and encrypts the challenge with it. If the result matches the response sent by the client, the client is authenticated and the server sends back a 200 response code and the requested resource to the client.
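As an added example (not part of the original answer), the Python code below decodes the NTLM token carried in a `WWW-Authenticate` or `Authorization` header and uses it to tell the two expected 401s of the handshake apart from any 401 outside it, which is useful when reading proxy or client logs. The function names and the sample messages are constructed for illustration; the offsets follow the NTLM message layout (8-byte `NTLMSSP\0` signature, 4-byte little-endian message type, server challenge at offset 24 of the type-2 message).

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"

def parse_ntlm_header(value):
    """Return (message_type, server_challenge) for a WWW-Authenticate or
    Authorization header value; message_type is None for a bare 'NTLM'."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM header")
    if not token.strip():
        return None, None              # step 2: server only advertises NTLM
    raw = base64.b64decode(token.strip(), validate=True)
    if len(raw) < 12 or raw[:8] != SIGNATURE:
        raise ValueError("missing NTLMSSP signature")
    (msg_type,) = struct.unpack_from("<I", raw, 8)
    if msg_type not in (1, 2, 3):
        raise ValueError("unknown NTLM message type")
    challenge = None
    if msg_type == 2:
        if len(raw) < 32:
            raise ValueError("truncated type-2 message")
        challenge = raw[24:32]         # 8-byte server challenge (the nonce)
    return msg_type, challenge

def classify_401(www_authenticate, last_sent_type):
    """Classify a 401 response. last_sent_type is the NTLM message type the
    client sent in the request that got this 401, or None if it sent none."""
    msg_type, _ = parse_ntlm_header(www_authenticate)
    if last_sent_type is None and msg_type is None:
        return "expected: server advertises NTLM"      # step 2
    if last_sent_type == 1 and msg_type == 2:
        return "expected: server challenge"            # step 4
    return "failure: 401 outside the handshake"

def build_sample(msg_type, body=b""):
    # Constructed sample message (signature + type + filler), not a capture.
    raw = SIGNATURE + struct.pack("<I", msg_type) + body
    return "NTLM " + base64.b64encode(raw).decode()

# Constructed type-2 message: 12 filler bytes, then challenge 00..07.
TYPE2 = build_sample(2, bytes(12) + bytes(range(8)))
```
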
http get works in browser and postman but get a 401 using c# httpwebrequest
After checking the log in Azure, I saw the following error message:
JWT validation failed: IDX10214: Audience validation failed. Audiences: '00000002-0000-0000-c000-000000000000'. Did not match: validationParameters.ValidAudience: 'f50a9d02-b8f4-408f-aaf8-0046e6cbf7a6' or validationParameters.ValidAudiences: 'null'.
I resolved the issue by adding '00000002-0000-0000-c000-000000000000' to the "Allowed Token Audiences" under Azure Active Directory Settings.