OWIN/Katana WebAPI using Windows Authentication keeps asking for login/password

1
votes

I have an OWIN/Katana WebAPI that is using Windows Authentication. When I run it locally, it's able to take in my windows credentials. However, when I deploy the WebAPI to a server/cluster, it keeps prompting me for my login and password.

I currently have the following in the Startup.cs:

  //Set up integrated windows authentication.
  HttpListener listener = (HttpListener)appBuilder.Properties["System.Net.HttpListener"];
  listener.AuthenticationSchemes = AuthenticationSchemes.IntegratedWindowsAuthentication;

I even tried this as well:

  HttpListener listener = (HttpListener)appBuilder.Properties["System.Net.HttpListener"];
  listener.AuthenticationSchemes = AuthenticationSchemes.Negotiate;

In Fiddler, I was able to hit my API (on the server) by Enabling Authentication. But if I consume the API from another application, it automatically comes back with a 401 Unauthorized. Why is it still prompting a manual login even when I specifically made it Windows Authentication?

I've been following these articles:

http://www.sbrickey.com/Tech/Blog/Post/AllowAnonymous_for_OWIN_Katana_self_hosted_WebAPIs_using_Kerberos

https://blogs.msdn.microsoft.com/chiranth/2013/09/20/ntlm-want-to-know-how-it-works/

https://docs.microsoft.com/en-us/aspnet/aspnet/overview/owin-and-katana/enabling-windows-authentication-in-katana

1
c#asp.net-web-apiowinwindows-authenticationkatana
Prompt is normal if your callers do not pass user credentials. You have to write proper client side code.Lex Li
Thanks for the reply @LexLi - Why is this normal behavior? Shouldn't the windows login credentials of the client computer be automatically passed? Why didn't it prompt me when I ran the API locally on debug? Sorry for the stupid questions - I'm still new to auths.TheSugoiBoi
user credentials is not passed automatically especially when you call via code. Even IE would prompt you unless you configured it properly. There is too much for you to learn.Lex Li
thanks @LexLi. you're right - one step at a time for me.TheSugoiBoi
support.microsoft.com/en-us/help/258063/… you can learn a few basics from this link on how IE decides to prompt. When you use external code to call the service, again you need to match the criteria and also explicitly send user credentials. What is your client code?Lex Li

1 Answers

0
votes

I found out why my web client is failing (thanks to @LexLi). I thought the issue was in my API but it turns out that I wasn't even sending my user credentials from the client. I added the user credentials into the HttpHandler for my HttpClient and it worked. 

new HttpClient(new HttpClientHandler() { UseDefaultCredentials = true })