HttpClient 401 未经授权的异常 'The system cannot contact a domain controller to service the authentication request.'
HttpClient 401 Unauthorized exception 'The system cannot contact a domain controller to service the authentication request.'
我在尝试使用 HttpClient 连接到远程 ASP.NET 网络 api 时收到异常的 401 未经授权错误:
System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized. ---> System.ComponentModel.Win32Exception: The system cannot contact a domain controller to service the authentication request. Please try again later
at System.Net.NTAuthentication.GetOutgoingBlob(Byte[] incomingBlob, Boolean throwOnError, SecurityStatus& statusCode)
at System.Net.NTAuthentication.GetOutgoingBlob(String incomingBlob)
at System.Net.NegotiateClient.DoAuthenticate(String challenge, WebRequest webRequest, ICredentials credentials, Boolean preAuthenticate)
at System.Net.NegotiateClient.Authenticate(String challenge, WebRequest webRequest, ICredentials credentials)
at System.Net.AuthenticationManagerDefault.Authenticate(String challenge, WebRequest request, ICredentials credentials)
at System.Net.AuthenticationState.AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials authInfo)
at System.Net.HttpWebRequest.CheckResubmitForAuth()
at System.Net.HttpWebRequest.CheckResubmit(Exception& e, Boolean& disableUpload)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at System.Threading.Tasks.Task`1.get_Result()
at eNett.Contracts.Client.ClientApiProxy.<GetUsers>b__26_0(Task`1 response) in C:\eNett\Git\sl-ct\Client\eNett.Contracts.Client\ClientApiProxy.cs:line 361
at System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke()
at System.Threading.Tasks.Task.Execute()
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at System.Threading.Tasks.Task`1.get_Result()
我有以下设置:
- ASP.NET Web API 托管在服务器 A
即
HttpListener listener = (HttpListener)app.Properties["System.Net.HttpListener"];
listener.AuthenticationSchemes =
AuthenticationSchemes.IntegratedWindowsAuthentication;
- ASP.NET Windows 服务托管在连接到网络的服务器 A/本地主机上 API:
即
var httpClient = new HttpClient(new HttpClientHandler()
{
UseDefaultCredentials = true
})
{
BaseAddress = new Uri(baseUri)
};
var request = new HttpRequestMessage
{
Method = HttpMethod.Get,
RequestUri = BuildUri(relativeUri, parameters),
};
httpClient.SendAsync(request, cancellationToken);
身份验证在以下情况下有效:
我在本地 PC 上托管网络 api 并使用本地客户端进行呼叫
服务器 A 上的 Web api 从我本地 PC 上的 Web 浏览器调用
服务器 A 和我的本地 PC 正在使用:
- 同域
- Web api 和客户端
的相同 AD 凭据
- HTTPS/SSL连接
到目前为止我尝试了很多东西,但任何建议都很好。
更新: 发现环回检查是问题所在 https://blogs.technet.microsoft.com/scottstewart/2014/09/15/disableloopbackcheck-when-routing-through-a-load-balancer-powershell-sample-included/
通过服务器 A 的 FQDN 请求导致错误,但使用其 IP 有效。现在正在考虑为服务器 A 设置 SPN 以解决此问题。
发现环回检查是问题https://blogs.technet.microsoft.com/scottstewart/2014/09/15/disableloopbackcheck-when-routing-through-a-load-balancer-powershell-sample-included/通过服务器 A 的 FQDN 请求导致错误,但使用其 IP 有效。现在正在考虑为服务器 A 设置 SPN 以解决此问题。
我在尝试使用 HttpClient 连接到远程 ASP.NET 网络 api 时收到异常的 401 未经授权错误:
System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized. ---> System.ComponentModel.Win32Exception: The system cannot contact a domain controller to service the authentication request. Please try again later
at System.Net.NTAuthentication.GetOutgoingBlob(Byte[] incomingBlob, Boolean throwOnError, SecurityStatus& statusCode)
at System.Net.NTAuthentication.GetOutgoingBlob(String incomingBlob)
at System.Net.NegotiateClient.DoAuthenticate(String challenge, WebRequest webRequest, ICredentials credentials, Boolean preAuthenticate)
at System.Net.NegotiateClient.Authenticate(String challenge, WebRequest webRequest, ICredentials credentials)
at System.Net.AuthenticationManagerDefault.Authenticate(String challenge, WebRequest request, ICredentials credentials)
at System.Net.AuthenticationState.AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials authInfo)
at System.Net.HttpWebRequest.CheckResubmitForAuth()
at System.Net.HttpWebRequest.CheckResubmit(Exception& e, Boolean& disableUpload)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at System.Threading.Tasks.Task`1.get_Result()
at eNett.Contracts.Client.ClientApiProxy.<GetUsers>b__26_0(Task`1 response) in C:\eNett\Git\sl-ct\Client\eNett.Contracts.Client\ClientApiProxy.cs:line 361
at System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke()
at System.Threading.Tasks.Task.Execute()
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at System.Threading.Tasks.Task`1.get_Result()
我有以下设置:
- ASP.NET Web API 托管在服务器 A
即
HttpListener listener = (HttpListener)app.Properties["System.Net.HttpListener"];
listener.AuthenticationSchemes =
AuthenticationSchemes.IntegratedWindowsAuthentication;
- ASP.NET Windows 服务托管在连接到网络的服务器 A/本地主机上 API:
即
var httpClient = new HttpClient(new HttpClientHandler()
{
UseDefaultCredentials = true
})
{
BaseAddress = new Uri(baseUri)
};
var request = new HttpRequestMessage
{
Method = HttpMethod.Get,
RequestUri = BuildUri(relativeUri, parameters),
};
httpClient.SendAsync(request, cancellationToken);
身份验证在以下情况下有效:
我在本地 PC 上托管网络 api 并使用本地客户端进行呼叫
服务器 A 上的 Web api 从我本地 PC 上的 Web 浏览器调用
服务器 A 和我的本地 PC 正在使用:
- 同域
- Web api 和客户端 的相同 AD 凭据
- HTTPS/SSL连接
到目前为止我尝试了很多东西,但任何建议都很好。
更新: 发现环回检查是问题所在 https://blogs.technet.microsoft.com/scottstewart/2014/09/15/disableloopbackcheck-when-routing-through-a-load-balancer-powershell-sample-included/ 通过服务器 A 的 FQDN 请求导致错误,但使用其 IP 有效。现在正在考虑为服务器 A 设置 SPN 以解决此问题。
发现环回检查是问题https://blogs.technet.microsoft.com/scottstewart/2014/09/15/disableloopbackcheck-when-routing-through-a-load-balancer-powershell-sample-included/通过服务器 A 的 FQDN 请求导致错误,但使用其 IP 有效。现在正在考虑为服务器 A 设置 SPN 以解决此问题。