I am trying to get Web API 2 to work with Windows authentication and SSL. It looks like it can work with either one or the other, but when I enable both Windows authentication and SSL, I keep getting 401 responses from the server.
This is how we enable Windows authentication:
HttpListener listener = (HttpListener)appBuilder.Properties["System.Net.HttpListener"];
listener.AuthenticationSchemes = AuthenticationSchemes.IntegratedWindowsAuthentication;
When running with just HTTP (no HTTPS), Windows authentication seems to work. I see 401 responses followed by a 200 response.
I am also trying to get it to work with HTTPS on my local machine.
I went through the following steps to enable HTTPS:
- Added a mapping to the server name in my hosts file
- Installed a certificate (with the help of this post)
- Reserved a URL (
https://+:10001/) - Ran the service under the reserved URL
Starting the service:
var startOptions = new StartOptions();
startOptions.Urls.Add(baseUrl); // baseUrl is "https://+:10001/"
_webApplication = WebApp.Start<Startup>(startOptions);
If I disable Windows authentication (comment out the 2 lines with HttpListener above), I can access the service using the HTTPS protocol. The browser recognizes the certificate.
When I enable Windows authentication, I keep getting 401 responses (in Fiddler I can see up to 6 401 responses for one request). A browser keeps prompting me to log in, and fails after a number of attempts with a 401 code.
I have been trying to find someone facing a similar problem. This post looked promising. However, the author did not seem to have any issues with the .NET 4.5 version of OWIN.
Could anyone please advise? Thank you!
