3

I've got a .net core 7 microservice hosted in docker/kubernetes. Service must invoke external api which use Windows Authentication. Is there any way to use httpclient with ntlm auth inside docker container or maybe other solutions? I was spend several days investigating this problem but didn't find any worked solution. I've tried this approach

builder.Services.AddHttpClient(nameof(TFSClient), client =>
{
    client.BaseAddress = new Uri(clientsOpttions.Url);
})
.ConfigurePrimaryHttpMessageHandler(_ => new HttpClientHandler
{
    Credentials = new CredentialCache {
            {
                new Uri(clientsOpttions.Url), "NTLM", new NetworkCredential(ntlmOpttions.User, ntlmOpttions.Password, ntlmOpttions.Domain)
            }
        }
});

And then resolving it with

var client = _httpClientFactory.CreateClient(nameof(TFSClient));
var result = await client.GetAsync(_allProjectsUri);

But still got 401

Improve this question
0

2 Answers 2

Reset to default
6

if you haven't found a solution yet. Try adding to the docker file after FROM mcr.microsoft.com/dotnet/aspnet:7.0 AS base

RUN apt-get update && apt-get -y install gss-ntlmssp

and also add in client Default Request Headers:

builder.Services.AddHttpClient(nameof(TFSClient), client =>
{
    client.BaseAddress = new Uri(clientsOpttions.Url);
    client.DefaultRequestHeaders.Connection.Add("Keep-Alive");
})
.ConfigurePrimaryHttpMessageHandler(_ => new HttpClientHandler
{
    Credentials = new CredentialCache {
            {
                new Uri(clientsOpttions.Url), "NTLM", new NetworkCredential(ntlmOpttions.User, ntlmOpttions.Password, ntlmOpttions.Domain)
            }
        }
});
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

It works for my case!
Yeah adding that package install line to my dockerfile was all I needed to make my app work.
1

All I was needed to do is use Negotiate instead NTLM

builder.Services.AddHttpClient(nameof(TfsProjectsClient), client =>
{
    client.BaseAddress = new Uri(tfsClientsOpttions.ProjectsUrl);
})

.ConfigurePrimaryHttpMessageHandler((s) =>
{
    return new HttpClientHandler
    {
        PreAuthenticate = true,
        UseProxy = false,
        UseDefaultCredentials = false,

        Credentials = new CredentialCache
         {
            {
                new Uri(tfsClientsOpttions.ProjectsUrl), "Negotiate", new NetworkCredential(credentialOpttions.User, credentialOpttions.Password, credentialOpttions.Domain)
            }
         }
    };
});
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.