C# · 2mo ago
khamzat

Can't authenticate via NTLM from Linux Kestrel hosted ASP.NET API to IIS hosted ASP.NET API

Hi!

Context: I am trying to authenticate and make a request to an API that is hosted via IIS and that uses NTLM authentication (Active Directory username and password).

The API I'm using to run the authentication + request is hosted on Red Hat OpenShift (Linux) with Kestrel.

```dockerfile
RUN apk add --no-cache krb5-libs krb5
```

I have downloaded some krb5 libs through my Docker image, but have no idea if these are correct.
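```csharp
using System.Net;
using System.Net.Http;
using System.Net.Http.Json;

// Members of the API's service class; _config is that class's configuration object.
public HttpResponseMessage CMImport(List<CMImport> Imports)
{
    var client = NTLMHttpClient();
    // POST the imports as JSON and block until the response arrives.
    var result = client.PostAsJsonAsync(_config["CMImport:importurl"], Imports).Result;
    if (result.StatusCode == HttpStatusCode.Unauthorized)
    {
        // Dump the response headers of the 401 for troubleshooting.
        foreach (var header in result.Headers)
        {
            Console.WriteLine($"{header.Key}: {string.Join(", ", header.Value)}");
        }
    }
    else
    {
        Console.WriteLine("Request succeeded.");
    }

    return result;
}

private HttpClient NTLMHttpClient()
{
    // Active Directory username and password read from configuration.
    var credentials = new NetworkCredential(_config["CMImport:username"], _config["CMImport:password"]);
    var handler = new HttpClientHandler
    {
        Credentials = credentials,
        // Accepts any server certificate: TLS validation is disabled for this client.
        ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => { return true; }
    };
    var client = new HttpClient(handler);
    return client;
}
```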
I'm getting 401 Unauthorized here, and the response headers look like this:

```text
Transfer-Encoding: chunked
Server: Microsoft-IIS/10.0
WWW-Authenticate: Negotiate, NTLM
X-Powered-By: ASP.NET
Date: Wed, 11 Dec 2024 11:57:56 GMT
```

On a successful request, done from my computer to the IIS API in question, the response headers look like this:

```text
content-type: application/json; charset=utf-8
date: Tue,10 Dec 2024 12:25:31 GMT
location: results
persistent-auth: true
server: Microsoft-IIS/10.0
transfer-encoding: chunked
www-authenticate: Negotiate <insert token here>
x-powered-by: ASP.NET
```

Anybody know what I'm doing wrong? I suspect it's something to do with me hosting in Linux, but idk.
1 Reply
khamzat (OP) · 2mo ago

I tested it locally and it worked (i.e. I ran the API on my machine and tried to do the same request), but it's not working on OpenShift Red Hat Linux when I host there. Any ideas?
```dockerfile
# Stage 1: Build the application
FROM mcr.microsoft.com/dotnet/sdk:8.0-alpine AS publish
WORKDIR /src

COPY *.csproj .
RUN dotnet restore

COPY . .
RUN dotnet publish -c Release -o /app --no-restore

# Stage 2: Build the runtime image
FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine

# Install required libraries
RUN apk add --no-cache icu-libs
RUN apk add --no-cache krb5-libs krb5
RUN apk add --no-cache tzdata

# Configure environment variables
ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
ENV TZ=Europe/Oslo

WORKDIR /app
COPY --from=publish /app .

USER app
EXPOSE 8080
ENTRYPOINT ["dotnet", "SetupPortalAPI.dll"]
```
My Dockerfile, if of interest!
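
A hardened variant of the `NTLMHttpClient()` helper from the question, as an added example that is not part of the original thread: it offers the Active Directory credential only to one host over NTLM and trusts a named internal root CA instead of accepting every certificate. The names `HardenedNtlmClient`, `apiBase` and `internalRootCa` are assumptions, as is the premise that the IIS certificate is issued by an internal CA; it does not by itself address the 401.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Added example, not the poster's code. HardenedNtlmClient, apiBase and
// internalRootCa are hypothetical names chosen for illustration.
public static class HardenedNtlmClient
{
    public static HttpClient Create(Uri apiBase, NetworkCredential credential,
                                    X509Certificate2 internalRootCa)
    {
        // Offer the AD credential only to this scheme://host:port and only for
        // NTLM; a bare NetworkCredential matches every URI and scheme.
        var cache = new CredentialCache();
        cache.Add(new Uri(apiBase.GetLeftPart(UriPartial.Authority)), "NTLM", credential);

        var handler = new HttpClientHandler
        {
            Credentials = cache,
            ServerCertificateCustomValidationCallback = (request, cert, chain, errors) =>
                errors == SslPolicyErrors.None || ChainsToRoot(cert, chain, errors, internalRootCa)
        };
        return new HttpClient(handler);
    }

    // Accepts a certificate the OS store rejected only when the sole problem is
    // the chain and the chain rebuilds up to the supplied internal root CA.
    private static bool ChainsToRoot(X509Certificate2? cert, X509Chain? chain,
                                     SslPolicyErrors errors, X509Certificate2 root)
    {
        // A name mismatch or a missing certificate is never overridden.
        if (cert is null || errors != SslPolicyErrors.RemoteCertificateChainErrors)
            return false;

        using var custom = new X509Chain();
        custom.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        custom.ChainPolicy.CustomTrustStore.Add(root);
        // Assumption: the internal CA publishes no reachable CRL/OCSP endpoint.
        custom.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        if (chain is not null)
            foreach (var element in chain.ChainElements)
                custom.ChainPolicy.ExtraStore.Add(element.Certificate); // intermediates
        return custom.Build(cert);
    }
}
```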
