How to pass Windows Authentication credential from client to Web API service

by

Inside my corporate environment, I have IIS7.5 hosting both a Web API service and a separate website which makes calls into that service via the RestSharp library. Both are currently configured with Windows Authentication.

If I navigate to either one with a browser, I’m prompted to enter my windows credential, and everything works great… I get web pages that I want and the REST service spits out my data. The part I’m struggling to figure out is how to use a single credential to authentication both. I can’t figure out how to either pass the Website’s credential to the service (I tried impersonating but it didn’t work), or to manually prompt the user for username/password and then authenticate them with “Windows”.

Help a noob out?

Contents hide
Answers:
Method 1
Method 2

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

Settings for web API

  1. Enable Windows Authentication

Settings for web application

  1. Enable Windows Authentication
  2. Add <identity impersonate="true" /> in <system.web> of web.config
  3. Add the following in the web.config: 
     <system.webServer>
     <validation validateIntegratedModeConfiguration="false" />
 </system.webServer>
  4. Enable Windows Authentication and ASP.NET Impersonation within IIS

You can use the following code to POST data to web API (and GET as well obviously) 

using (var client = new WebClient { UseDefaultCredentials = true })
{
    client.Headers.Add(HttpRequestHeader.ContentType, "application/xml; charset=utf-8");
    byte[] responseArray = client.UploadData("URL of web API", "POST", Encoding.UTF8.GetBytes(XMLText));
    string response = Encoding.ASCII.GetString(responseArray);
}

NOTE: If you’re still getting 401 errors you may need to use an IP address instead of a regular domain name for your URL (e.g.: 155.100.100.10 instead of mycompany.com)

Method 2

If you use impersonation on your web site and the API is running on the same server it should work.

http://msdn.microsoft.com/en-us/library/aa292118(v=vs.71).aspx

However, if you would move the API to a different server from the site this will stop working. A two-server setup requires Kerberos delegation.


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x