I'm trying to connect to a third-party SOAP service via a c# app. The following code works when running the app on a Windows machine:
var ws = new MyWebServiceClient();
ws.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential("myusername", "mypassword", "mydomain");
var response = ws.SomeEndpoint();
Element xmlResult = response.Result.SomeEndpoint;
...
But if I run the same code from Linux or Mac OS, it fails with:
The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate, NTLM'.
I have a python app that can consume that same SOAP service when running on any operating system without running into issues, so the problem isn't in my linux distribution/setup.
Has anyone seen a similar issue with .NET core or found a workaround?
I found this issue report that suggests that the earlier versions of .NET core had limitations/bugs that could cause behavior similar to what I'm seeing, but it claims that those issues were resolved after RC2.
Assuming that issue report is wrong and that the issue still remains in the Linux/Mac distribution of .NET core, does anyone know how I can get the CredentialCache workaround, suggested in that article, working with a SOAP client? I'm pretty new to .NET and super new to .NET soap clients, so I apologize if that's a naive question.
It seems that, for non-Windows, .NET core is failing to attempt NTLM after Negotiate fails. I know, from the python app, that NTLM works with this particular SOAP service. How can I force it to skip "Negotiate" and and go straight to NTLM? It seems that that is what the CredentialCache workaround, from the above article, is doing. I just can't figure out how to make that work with a SOAP service...
.Net Core SOAP client wih NTLM Authentication and CredentialCache
As described on MSDN and here,
BasicHttpBinding basicHttpBinding = new BasicHttpBinding();
basicHttpBinding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
basicHttpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;
EndpointAddress endpoint = new EndpointAddress("http://myservice");
var factory = new ChannelFactory<IMyService>(basicHttpBinding, endpoint);
CredentialCache myCredentialCache = new CredentialCache();
NetworkCredential myCreds = new NetworkCredential("username", "password", "domain");
myCredentialCache.Add("ContoscoMail", 45, "NTLM", myCreds);
factory.Credentials.Windows.ClientCredential =
myCredentialCache.GetCredential("ContosoMail", 45, "NTLM");
var client = factory.CreateChannel();
// ... use the webservice
Update: it's a bug fixed in 2.1
As already encountered here and fixed as a bug here, it should work with .net core 2.1 (not released and scheduled for Q1 2018).
So right now, you should try to use another type of authentication when connecting from Linux (look at RuntimeInformation.IsOSPlatform).
It is important to know how authentication works differently in Windows/Console app VS Web application.
Answers to your question to skip Negotiate (From Server): Go to IIS --> Go to site/application --> Select Authentication (Double Click on that)--> You will see options here --> Under Windows authentication (if this is enabled) then --> click on Provider in right side action pan.
Here you can move up down/remove "Negotiate" options.
来源:https://stackoverflow.com/questions/49121998/soap-authentication-fails-when-running-a-c-sharp-app-on-a-linux-box