I'm currently investigating some strange behaviour I see when using the System.Net.Http.HttpClient.
I have a REST API with Windows Authentication enabled running on my webserver and I'm trying to get and post data to this REST API. Based on a domain users credentials.
I'm sending the credentials with the request via the HttpClientHandler as below
var httpClientHandler = new HttpClientHandler () {
Credentials = new NetworkCredential (username, password, AppConstants.DOMAIN_NAME),
};
var httpClient = new HttpClient (httpClientHandler);
httpClient.DefaultRequestHeaders.Accept.Clear ();
httpClient.DefaultRequestHeaders.Accept.Add (new MediaTypeWithQualityHeaderValue ("application/json"));
var result = await httpClient.GetStringAsync(url);
No problem using this code, in my Fiddler loggin I see 3 requests coming in, first one gets a 401 and returns the WWW-Authenticate headers that the server supports. Next request sends the NTLM WWW-Authenticate header and get some NTLM value back in the response. Third request send the correct NTLM authorization header and get's the data.
Seems to me like a normal authentication flow when using NTLM.
Troubles start when I want to POST data to the API and use the PostAsync method on the HttpClient. When I intercept the requests than the only request I see is the one that returns the WWW-Authenticate methods that the server supports.
Anyone have some clue why this is not continuing the authentication flow?
I have updated my code to use the WebClient and when I POST data with the WebClient it's working fine.
I have also tried to build a Console application on Windows and use the HttpClient to POST data to the same REST API and also than no problem with the authentication flow.