Why is HttpClient authentication behaving differently between .Net Framework 4.6.2 and .Net Core 5?

Question

I have the same code as below targeting .Net Framework 4.6.2 and .Net Core 5 but seems to yield different authentication behavior.

The .Net Framework version works fine with WWW-Authenticate: Negotiate but the same code fails with the .Net Core version.

Here's the code snippet that I'm using for both.

var server = "https://www.example.com";
var client = new HttpClient(new HttpClientHandler { UseDefaultCredentials = true }) { BaseAddress = new Uri(server) };

var response = await client.GetAsync("/api/token");
var result = response.Content.ReadAsStringAsync().Result;

Console.WriteLine(result);

And here's the entire failure response.

StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers:
{
  Cache-Control: no-cache
  Pragma: no-cache
  WWW-Authenticate: Negotiate
  X-Powered-By: ASP.NET
  Date: Fri, 02 Jul 2021 08:30:51 GMT
  Content-Type: application/json; charset=utf-8
  Expires: -1
  Content-Length: 68
}

Is there anything else I missed in the .Net Core version?

Hard to say. You should run Fiddler to generate a trace of both requests and then compare both requests. Probably you can spot the difference and with this knowledge either solve the issue or ask a more specific question. — Oliver, Jul 02 '21 at 11:01
Possibly related: https://stackoverflow.com/questions/12212116/how-to-get-httpclient-to-pass-credentials-along-with-the-request/48649925#48649925 — Stephen Cleary, Jul 02 '21 at 13:48

Why is HttpClient authentication behaving differently between .Net Framework 4.6.2 and .Net Core 5?

0 Answers0