0

I've spent the better part of a day going insane over this. I know there are many answers to similar questions on this very site, as well as all sorts of things on the internet, none of them seem to help me in my particular situation. I'm hoping that I'm going wrong somewhere really basic, or misunderstanding something.

Firstly, an outline of the problem.

I am creating an ASP.NET MVC5 website, which needs to call a WebApi 2.2 service which I'm also creating. Both will be hosted in IIS. This will be an intranet application, and secured using Windows Integrated Authentication. I need the user account used to access the MVC website to also be the one which the WebApi service uses to do things.

Initially, I had the WebApi website and the MVC website separate in IIS, but on the same machine.

The MVC website part works. It knows who the user is, and it all works as I'd expect.

When accessing the WebApi website directly, it also works as expected and knows who the user is.

The MVC website uses code like the following to call the WebApi website (I was using async/await but removed it in desperation in case it was causing any unexpected issues):

private HttpClient getClient()
{
    HttpClientHandler handler = new HttpClientHandler();
    handler.UseDefaultCredentials = true;
    var client = new HttpClient(handler);
    client.BaseAddress = new Uri(webApiUrl);
    return client;
}

public UserDTO GetMyUser()
{
    var client = getClient();
    var requestUrl = "api/User/GetMyDetails";
    var request = client.GetAsync(requestUrl);
    request.Wait();
    var result = request.Result;

    if (result.IsSuccessStatusCode)
    {
        var contentRequest = result.Content.ReadAsAsync<UserDTO>();
        contentRequest.Wait();
        var content = contentRequest.Result;
        return content;
    }
    else
    {
        var str = result.Content.ReadAsStringAsync();
        str.Wait();
        var resultString = str.Result;
        throw new UserException(resultString);
    }

}

The GetMyUser() method is called from a controller in the MVC website. When this happens, the User property in the WebApi controller is the service account the website Application Pool runs under, where I would like it to be the same account as reported by the MVC website's User property on the controller. I'm assuming this is the "double hop" issue.

This is all currently running on my PC in Local IIS (originally accessed from http://localhost/Website and http://localhost/WebApi), which is on a domain. Based on things I've read about the double hop issue, I've trusted my PC for delegation, which didn't seem to do anything helpful.

Based on other things I've read, I also put the MVC website and the WebAPI website stuff in the same project, and thus on the same website in IIS (which isn't a situation I want to keep, just wanted to see if it would help - it didn't). I've also tried with Impersonation turned on, and with it turned off, both to no avail.

I'm really not sure where to go next.

Neil
  • 726
  • 10
  • 14
  • 3
    Have you checked [this thread](http://stackoverflow.com/questions/12212116/how-to-get-httpclient-to-pass-credentials-along-with-the-request)? – jake May 03 '15 at 21:41
  • Yes, apparently switching to WebClient solved the issue. I wrote a simple extension method which does the JSON deserialization, and all seems to be good. Thanks. – Neil May 04 '15 at 09:09

0 Answers0