Why are requests sent twice?

Question

I have a winforms client application that uses HttpClient to connect to a WebApi2 app. I'm currently testing locally so the server starts using IIS Express 10.

The server app allows anonymous and also windows authentication. Every controller has the Authorize attribute.

The HttpClient is set up as follows:

WebRequestHandler handler = new WebRequestHandler()
{
    AllowAutoRedirect = false,
    AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate,
    CookieContainer = cookieContainer,
    Credentionals = new NetworkCredential(username, password),
    UseCookies = true,
    UseDefaultCredentials = true,
    UseProxy = false,
};
client = new HttpClient(handler, true)
{
    BaseAddress = new Uri(myUrl)
};

And to make sure, I also do:

client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", Convert.ToBase64String(ASCIIEncoding.ASCII.GetBytes(string.Format("{0}:{1}", Credentials.UserName, Credentials.Password))));

The application works fine, however the following is a snippet of the log being generated by IIS Express:

10:51:11 ::1 POST /myserver/Login - 55567 - ::1 - - 401 0 0 389

10:51:17 ::1 POST /myserver/Login - 55567 MicrosoftAccount\myemail@here.com ::1 - - 200 0 0 5760

10:51:51 ::1 POST /myserver/SearchFor itemType=38 55567 - ::1 - - 401 0 0 347

10:51:52 ::1 POST /myserver/SearchFor itemType=38 55567 MicrosoftAccount\myemail@here.com ::1 - - 200 0 0 815

10:51:55 ::1 GET /myserver/CustomerType/174 - 55567 - ::1 - - 401 0 0 400

10:51:55 ::1 GET /myserver/CustomerType/174 - 55567 MicrosoftAccount\myemail@here.com ::1 - - 200 0 0 574

For every request there's a 401 then a '200' code. I'm not explicitly setting the WWW-Authenticate header when sending the request.

How can I determine what kind of challenge the server is sending to the client?

EDIT

I've changed the initialization of HttpClient as follows:

var uri = new Uri(myUrl);

var credentialCache = new CredentialCache();
credentialCache.Add(new Uri(uri.GetLeftPart(UriPartial.Authority)), "NTLM", credentials);
        
WebRequestHandler handler = new WebRequestHandler()
{
    AuthenticationLevel = AuthenticationLevel.MutualAuthRequested,
    AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate,
    Credentials = credentialCache,
    PreAuthenticate = true,
};
client = new HttpClient(handler, true)
{
    BaseAddress = uri
};

On GET requests I always get a 401 followed by a 200 response. On other requests (POST, PATCH) there is only the 200 which I assume the client sent the authentication header correctly.

Why am I still getting a 401 on GET requests?

Possible duplicate of [HttpGet 401 status code followed by 200 status code](http://stackoverflow.com/questions/27818587/httpget-401-status-code-followed-by-200-status-code) — Thomas Weller, Jul 13 '16 at 11:17
@Thomas That question is for Android, which also has HttpClient but not related to .NET's HttpClient. — Ivan-Mark Debono, Jul 13 '16 at 11:19
It's not language specific, it's HTTP specific. But ok, then use this one: http://stackoverflow.com/a/6338985/4136325 — Thomas Weller, Jul 13 '16 at 11:20
Possible duplicate of [Why my Http client making 2 requests when I specify credentials?](http://stackoverflow.com/questions/6338942/why-my-http-client-making-2-requests-when-i-specify-credentials) — Geoff James, Jul 13 '16 at 11:22
@Thomas you should be more specific. All such authentication methods are called "challenge based" (Windows authentication/Kerberos/NTLM/Digest/Basic and so on), so 401/200 matches the "challenge" part. — Lex Li, Jul 13 '16 at 13:18

Why are requests sent twice?

0 Answers0