4

I tried to consume a CRM2011 SOAP service with the HttpClient in .NET Core using windows authentication. The webserver was always able to authenticate me but CRM was not. Therefore I tried the same code inside a .NET Framework project and the request worked fine on the first try.

Then I tracked and compared the .NET Core and .NET Framework requests with Fiddler and recognized that the authorization header value was different.

After further investigation I found a list of the transports for each host and runtime which are used by the HttpClient on Microsoft docs: https://learn.microsoft.com/dotnet/api/system.net.http.httpclient?view=netcore-3.1

.NET Framework uses the HttpWebRequest and .NET Core uses the SocketsHttpHandler.

Then I found another post on Microsoft docs how to avoid using the SocketsHttpHanlder in .NET Core: https://learn.microsoft.com/dotnet/api/system.net.http.socketshttphandler?view=netcore-3.1

After disabling the handler in .NET Core the request worked as well. I guess that those handlers are using different TLS versions or hashing algorithms or something like that, but I am not able to find the differences between them.

Does anyone know the differences or a source where they are listed?

Ian Kemp
  • 28,293
  • 19
  • 112
  • 138
Sebastian S.
  • 1,173
  • 3
  • 13
  • 22
  • I would suggest filing an issue on https://github.com/dotnet/aspnetcore showing the differences that you encountered (e.g. the Fiddler traces on Framework vs Core) and asking if this is expected/intended behaviour, or a bug. If you do so, please add a link to that issue as a comment here, and if you get a resolution to the issue, post it as a self-answer on this question. – Ian Kemp Sep 28 '20 at 10:56
  • I diagnozed once a similar thing somewhere.. I started getting weird responses after switching gtom HTTP to HTTPS on one built-in .net http client lib, while it was running fine on HTTPS via another built-in .net http client.. and and it ended up with a surprise that the newest TLS version was not included in global static "default allowed TLS versions" list.. something like defaults said: 1.0,1.1,1.2 and my remote server accepted only 1.3.. but I'll have a hard time digging the exact facts.. – quetzalcoatl Sep 28 '20 at 10:57
  • @quetzalcoatl was that on Framework or Core though? TLS support on Framework pre-4.7 is a clusterf**k, whereas on Core it should Just Work. – Ian Kemp Sep 28 '20 at 11:05
  • @IanKemp yeah, that's VERY probable that it was on classic net-fram-4.6. There's a slight chance that it was core 1.0 or 1.1. But it was quite a few years ago and I no longer have access to that source code. – quetzalcoatl Sep 28 '20 at 11:35
  • Yaaaay I've found it -> https://stackoverflow.com/questions/11696944/powershell-v3-invoke-webrequest-https-error#comment89204526_46254549 -- it was default settings of `System.Net.ServicePointManager` and uh, oh.. it was powershell5 and TLS vs TLS1/1.2.. so it was somewhat similar, but quite far from net-framework/net-coe subject, sorry – quetzalcoatl Sep 28 '20 at 11:38
  • see this link maybe help: https://damienbod.com/2019/09/07/using-certificate-authentication-with-ihttpclientfactory-and-httpclient – sa-es-ir Sep 28 '20 at 12:39

0 Answers0