问题
I'm currently writing up a simple .NET Core based client for interacting with Hadoop Clusters via WebHCat and I'm trying to figure out how to authenticate with the SPNEGO as you would in something like curl or Powershell Core.
Using Curl I am able to query the status endpoint of WebHCat like so:
curl "http://10.2.0.9:50111/templeton/v1/status" --negotiate -k -u :
The same request can also executed in Powershell Core:
$client = New-Object System.Net.WebClient;
$client.UseDefaultCredentials = $true;
$client.DownloadString("http://10.2.0.9:50111/templeton/v1/status");
However when it comes to running the following in a .NET Core project sitting on the same server as the cluster:
using System;
using System.Net;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;
namespace testauth
{
class Program
{
static async Task Main(string[] args)
{
var host = "http://10.2.0.9:50111/templeton/v1/status";
var handler = new HttpClientHandler
{
UseDefaultCredentials = true,
AllowAutoRedirect = true,
};
using (var client = new HttpClient(new LoggingHandler(handler)))
{
var res = await client.SendAsync(new HttpRequestMessage(HttpMethod.Get, host));
}
}
}
}
I get the following error:
Unhandled Exception: System.ComponentModel.Win32Exception: GSSAPI operation failed with error - An invalid status code was supplied (Server not found in Kerberos database).
at System.Net.NTAuthentication.GetOutgoingBlob(Byte[] incomingBlob, Boolean throwOnError, SecurityStatusPal& statusCode)
The client is running .NET Core 2.1 so as was mentioned in this issue I should just be able to pass default credentials into the handler and it would work as expected.
I have also tried writing the same code that I used in PowerShell Core in C# and despite the code being identical it still throws the same error?
The only other details I can give is that the Kerberos is connected to an Active Directory instance with only one user and all these requests are run after the ticket for that user have been created with kinit.
回答1:
I managed to find a fix. With ASP.NET Core 2.1 they introduced a new SocketsHttpHandler which is used by default for requests. This means that on some platforms it may override the HttpHandler provided in my request and so to default to the sockets handler you should use:
AppContext.SetSwitch("System.Net.Http.UseSocketsHttpHandler", false);
This fixed my request.
来源:https://stackoverflow.com/questions/52266659/net-core-spnego-auth-with-httpclient