使用HttpClient在本地主机上调用rest api导致401未经授权的IIS 8.5

Question

I've just discovered a strange behavior, and I am wondering if someone has an explanation to why my code behaves like this.

My scenario is this: I have two rest api created in c#, lets call them CoreApi and FrontApi. Both apis have separate sites and appPools on the same server, and both appPools are running as NetworkService. FrontApi uses HttpClient to call CoreApi. I trigger the call by calling FrontApi's ValuesController, which in turn calls CoreApi. CoreApi has enabled Windows Authentication, while FrontApi has anonymous authentication.

If I host FrontApi on my development machine it all works fine, but when cohosting on the same server using the full URL causes 401.0 Unauthorized when FrontApi calls CoreApi. When using " http://localhost/api/values " from FrontApi it works fine.

Any thoughts?

HttpClientHandler authHandler = new HttpClientHandler()
{
    Credentials = CredentialCache.DefaultNetworkCredentials
};
using (HttpClient confClient = new HttpClient(authHandler))
{
    HttpResponseMessage message = await confClient.GetAsync("http://mysite.acme.com/api/values");
    if (message.IsSuccessStatusCode)
    {
        result = await message.Content.ReadAsStringAsync();
    }
    else
        result = message.StatusCode.ToString();
}

Answer 1

The CredentialCache.DefaultNetworkCredentials property returns the credentials that the FrontApi IIS application pool is running under. The CoreApi doesn't know how to authenticate FrontApi's ApplicationPoolIdentity, but should be able to authenticate NetworkService.

If you change the app pool identity from ApplicationPoolIdentity to NetworkService, that should fix your 401 response from CoreApi.