I'm building a simple AspNetCore Balzor server app that calls an endpoint of an AspNetCore web Api. Both are hosted in IIS on a windows server.
When I run the website via IIS Express locally (pointing at the api on our windows server) everything thing works as expected. If I launch the hosted website, I get "HHTP Error 401.2 - Unauthorized".
This leads me to believe it is a double hop issue, but I really don't know how to resolve it.
Can anyone point me in the right direction?
This is the set up
- Both have IIS Authentication set to "Windows Authentication" on the server.
- Both have "builder.Services.AddAuthentication(NegotiateDefaults.AuthenicationScheme) in Program.cs.
These are the basic tests I've done
Call the end point directly from a browser
Added my windows user name & password directly into the CredentialCache, it returns the data.
var cache = new CredentialCache(); cache.Add(url, "Negotiate", new NetworkCredential("username", "password")); var handler = new HttpClientHandler() { Credentials = cache, PreAuthenticate = true }; var httpClient = new HttpClient(handler) { Timeout = new TimeSpan(0, 0, 10) }; var response = await httpClient.GetAsync(url);
UPDATE: This is from the HTTP Error 401.2 - Unauthorized Detailed Error Information
Module: UrlAuthorizationModule
Notification: AuthorizedRequest
Handler: aspNetCore
Error Code: 0x80070005
Request URL:http://servername.com:port/endpoint
Logon Method: Negotiate
Logon User: domain*servername*$
I created a web api and choosing windows auth as the Authentication Type using the template in vs2022. And created another blazor server app in .net 7 which choosing Windows Auth as well when creating.
I had code below in the blazor server app to call the API which worked well both in local side and publishing to IIS. Only difference is that in IIS I need to enable windows authentication and disable allow anonymous.