locked
Calling Web API from WinRT C# with Windows Authentication and unable to get user's identity

    Question

  • I've researched this quite a bit, and I'm pretty sure I'm doing this right. But still, my service is unable to obtain the user's identity:

    1) The user has logged on to their Windows 8.1 machine using domain credentials.

    2) They run my C#/XAML WinRT app, which calls Web API services in the same domain.

    3) The Web API services require Windows authentication.

    4) My app has the following Capabilities set:
      - Enterprise Authentication
      - Internet (client)
      - Private Networks (Client & Server)

    5) Currently, both the app and the service are running on my local Win 8.1 machine in Visual Studio 2013.

    6) My Web API service project (using IIS Express) has Windows Authentication set to True.

    7) In my Web API service, the System.Web.HttpContext.Current.User.Identity object has an empty string in the Name property and false in the IsAuthenticated property. Why?!?

    There is a similar post at http://social.msdn.microsoft.com/Forums/windowsapps/en-US/283dc206-934f-4859-ba42-f5308a5f2e53/bypassing-windows-authentication-prompt-using-enterprise-authentication?forum=winappswithhtml5, where the poster was simply trying to bypass the credentials dialog in a WinJS app. The implication in that post is that what I'm trying to do is completely doable.

    Any ideas why I can't pick up the user's name in the service? This has worked perfectly for me in the past making calls from jQuery in a browser, so I can't understand why it's not working for my WinRT client.



    Thursday, July 03, 2014 4:58 PM

Answers

  • The nice thing about being pessimistic is that you are pleasantly surprised to be wrong.

    In fact, switching from the old HttpClient (in System.Net) to the new one (in Windows.Web) did the trick!

    I am now able to obtain the user's domain credentials on the server side.

    Bottom line is: You can’t use the “old” HttpClient (the one in the System.Net namespace; even with UseDefaultCredentials=true). You *must* use the new one (in Windows.Web) if you want to obtain the credentials from within the service.
    Thursday, July 03, 2014 6:30 PM
  • cute :)

    Microsoft Certified Solutions Developer - Windows Store Apps Using C#

    Thursday, July 03, 2014 6:31 PM

All replies

  • which http client are  you using (from which namespace?)

    Microsoft Certified Solutions Developer - Windows Store Apps Using C#

    Thursday, July 03, 2014 5:45 PM
  • System.Net.Http.HttpClient
    Thursday, July 03, 2014 5:47 PM
  • you set use default credentials to true? for the old http client you use this is required. Maybe try to use the new one that is in the windows namespace. here you dont need to set usedefaultcredentials to true.

    i dont have good testing envoriment right now.. sorry otherwise would make a working sample.. never had any problems with it.


    Microsoft Certified Solutions Developer - Windows Store Apps Using C#

    Thursday, July 03, 2014 5:52 PM
  • Thanks Dave.

    Unfortunately, adding UseDefaultCredentials = true with the old client did not help:

    using

    (var http = new HttpClient(newHttpClientHandler() { UseDefaultCredentials = true}))

    I am going to switch to using the new client as you suggest, in the hopes that doings so will resolve this issue. However, I am pessimistic this will help because adding UseDefaultCredentials = true with the old client didn't resolve it.

    It's not a quick switch; the way you POST requests differs between the old and new client. I'll post a reply letting you know what happens after I've refactored my code.


    Thursday, July 03, 2014 6:09 PM
  • i agree... it shouldnt make any difference...

    Microsoft Certified Solutions Developer - Windows Store Apps Using C#

    Thursday, July 03, 2014 6:12 PM
  • The nice thing about being pessimistic is that you are pleasantly surprised to be wrong.

    In fact, switching from the old HttpClient (in System.Net) to the new one (in Windows.Web) did the trick!

    I am now able to obtain the user's domain credentials on the server side.

    Bottom line is: You can’t use the “old” HttpClient (the one in the System.Net namespace; even with UseDefaultCredentials=true). You *must* use the new one (in Windows.Web) if you want to obtain the credentials from within the service.
    Thursday, July 03, 2014 6:30 PM
  • cute :)

    Microsoft Certified Solutions Developer - Windows Store Apps Using C#

    Thursday, July 03, 2014 6:31 PM
  • Thanks for pointing me in the right direction Dave!
    Thursday, July 03, 2014 6:32 PM