问题
I need to make a web request from WebServiceA running as ServiceAccountA to WebServiceB and have it authenticate using NTLM. Both web services are dotnet core 2.2 APIs hosted in IIS. ServiceAccountA is the service account set on the IIS App Pool. Just to be clear, I am NOT doing impersonation.
I'm using the RestSharp library to make HttpClient requests.
See NTLM Authenticator: https://github.com/restsharp/RestSharp/blob/master/RestSharp/Authenticators/NtlmAuthenticator.cs
The NTLM Authenticator with RestSharp uses System.Net.CredentialCache.DefaultCredentials. This works locally but after I deploy a dotnet core 2.2 web api to a windows server and host the app in IIS (in process) CredentialCache.DefaultCredentials is no longer working as expected. The WebServiceB is returning a 401.1 and when I check the IIS logs a service account is not being passed along after the challenge request.
I have tried using System.Net.CredentialCache.DefaultNetworkCredentials but I get the same issue. I confirmed that WebServiceB is working correctly with windows auth by hitting the service directly via a web browser and it authenticates my personal windows identity just fine.
I can see in task manager that the IIS worker process is indeed running as the correct Service Account. Is there a better or different way to pull the ICredentials object from the current running process?
回答1:
To help people who have similar problem. I would like to post the answer here.
When you failed to authenticate NTLM with CredentialCache.DefaultCredentials. You could try to disable DisableLoopbackCheck.
1.Go to registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
2.Create a REG_DWORD(32-bit) named DisableLoopbackCheck=1
3.Please reboot the server to make it work.
来源:https://stackoverflow.com/questions/58513675/credentialcache-defaultcredentials-isnt-respecting-iis-app-pool-credentials-wit