c# - windows authentication working from local to server, but not server to server -


i have 2 sites, a , b. a consumes api b exposes, , b requires windows authentication. both sites live in domain d.

the api consumed via httpclient, , when site a run locally, under domain account (which in domain p), access granted. in case, httpclient instantiated so:

using(var client = new httpclient(new httpclienthandler { usedefaultcredentials: true }))

when a deployed testing server, above results in 401 unauthorized response. application pool on testing server running under service account in domain d.

when explicitly using service account this:

var credential = new networkcredential("service-account", "password", "d"); var cache = new credentialcache {   {     new uri(apiserveruri), "ntlm", credential   } }; var handler = new httpclienthandler {   credentials = cache };  using(var client = new httpclient(handler)) ...

and again running site a locally, access still granted. access granted when accessing api directly via browser, , specifying service account credentials. logs indicate service account being used access api.

deploying above testing server still results in 401 unauthorized.

deploying site a local instance of iis, consumes api of b.

running site b locally, , accessing via site a locally, results in 401 unauthorized.

accessing api through browser on testing server a deployed, , specifying service account credentials, gives 401 unauthorized.

i'm not sure go here - missing in code working? or iis or ad issue?

while i'm yet determine why work around works, or if there better way of doing (because feels clunky), following has allowed a connect b, when both sitting on same server.

site b has had additional host binding setup in iis, listen on localhost:12345. site a has been configured connect endpoint, rather domain name site b. authentication working correctly.

i interested if can explain why case - dislike 'magic' fixes.

edit seem this kb article cause behavior. specifically:

when use qualified domain name (fqdn) or custom host header browse local web site hosted on computer running microsoft internet information services (iis) 5.1 or later version, may receive error message resembles following: http 401.1 - unauthorized: logon failed issue occurs when web site uses integrated authentication , has name mapped local loopback address

and

therefore, authentication fails if fqdn or custom host header use not match local computer name.

registry modifications aren't option on these servers, looks work around using.


Comments

Post a Comment

Popular posts from this blog

android - MPAndroidChart - How to add Annotations or images to the chart -

i working latest mpandroidchart library , looking way add annotations or images clickable. example: once data reaches value event occurs want able display user - there multiple events can occur annotations (not sure if right word) or image added @ point in chart. any pointers welcome. check documentation of yaxis . focus on setspacetop(...) , setaxismaxvalue(...) methods. for background: bar-shadow , disable calling: barchart.setdrawbarshadow(false) or change color: bardataset.setbarshadowcolor(int color)
Read more

javascript - Add class to another page attribute using URL id - Jquery -

i have attached id url. ex: when click link 1 , has #tab-2 id , takes me landing page. in landing page have find element has #tab-2 id have add class .active . i tried no luck. please 1 correct code. thanks js fiddle link html <div class="menu"> <ul> <li><a href="http://jsfiddle.net/gscyoa0j/1/#tab-2">link 1</a></li> <li><a href="http://jsfiddle.net/gscyoa0j/1/#tab-44">link 2</a></li> <li><a href="http://jsfiddle.net/gscyoa0j/1/#tab-74">link 3</a></li> </ul> </div> landing page <div class="tab"> <ul> <li><a id="tab-2" class="active" >link 1 content</a></li> <li><a id="tab-44" >link 2 content</a></li> <li><a id="tab-74" >link 3 content</a></l
Read more

firefox - Where is 'webgl.osmesalib' parameter? -

i'm trying webgl running on firefox (v37.0.2) via software acceleration mesa. tried following steps have been stated in article: http://www.binarytides.com/enable-webgl-firefox-ubuntu/ however, unable find parameter named ' webgl.osmesalib ' in about:config section? has been removed (or renamed)? if yes, how should instruct firefox use mesa's software acceleration webgl? looks support osmesa removed in favour llvmpipe.
Read more