StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.StreamContent, Headers

Question

User1415789316 posted

I am using ASP.NET MVC4 and calling a method within a controller from one MVC4 project to another, using PostAsync.  I am not using any authentication attribute within the called controller or method.

Referencing this link: [link][1]   [1]: https://stackoverflow.com/questions/16573145/asp-net-mvc-4-401-access-deniedhttp://

Fixed my issue when running application locally and calling PostAsync to application on server. Now, when I deploy the application to the server and try to call the other application I get the unauthorized error. What am I doing wrong?

Both application running in IIS are using the same site, and the same application pool.

Using remote debugging, this is the server response:

    {StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:     {       Cache-Control: private       Server: Microsoft-IIS/7.0       WWW-Authenticate: Negotiate       WWW-Authenticate: NTLM       X-Powered-By: ASP.NET       Date: Fri, 23 Jun 2017 13:44:19 GMT       Content-Length: 6644       Content-Type: text/html; charset=utf-8     }}

And this is my code:

using (var handler = new HttpClientHandler { UseDefaultCredentials = true })             
using (HttpClient client = new HttpClient(handler) { BaseAddress = new Uri(Properties.Settings.Default.EnvironmentRootPath)})             
{                 
  List<string> orderNumbers = NumList;                
   var pairs = new List<KeyValuePair<string, string>>                 
   {                     
     new KeyValuePair<string, string>("orderNumbers", string.Join(",", orderNumbers))                 };
     var content = new FormUrlEncodedContent(pairs);
     var response = client.PostAsync("CentralBroadcast/broadcastNewOrder", content).Result;                 

if (response.IsSuccessStatusCode)                 
{                     //                 
}                 
else                 
{                     //                 
}             

Application Pool is using Network for Identity.

Answer 1

User991499041 posted

Hi eaglei22,

{StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:     {       Cache-Control: private       Server: Microsoft-IIS/7.0       WWW-Authenticate: Negotiate       WWW-Authenticate: NTLM       X-Powered-By: ASP.NET       Date: Fri, 23 Jun 2017 13:44:19 GMT       Content-Length: 6644       Content-Type: text/html; charset=utf-8     }}

When IIS cannot authenticate a request, it returns a 401.x-Unauthorized code. The substatus codes provide detailed information about why the request failed.

IIS 7.0, IIS 7.5, and IIS 8.0 define several HTTP status codes that indicate a more specific cause of a 401 error. The following specific HTTP status codes are displayed in the client browser but are not displayed in the IIS log:
401.1 - Logon failed.
401.2 - Logon failed due to server configuration.
401.3 - Unauthorized due to ACL on resource.
401.4 - Authorization failed by filter.
401.5 - Authorization failed by ISAPI/CGI application.

By default, IIS 7.0, IIS 7.5, and IIS 8.0 put log files in the following folder:

inetpub\logs\Logfiles

Could you show substatus codes in logfile?

Regards,

zxj

Answer 2

User1415789316 posted

Sorry for the delayed response. I went on vacation for a week.

I looked at the server logs, and for the PostAsync path, I see the following:

POST /Development/Dd/SignalRBroadcast/broadcastNewOrder -  -  - 401 2
POST /Development/Dd/SignalRBroadcast/broadcastNewOrder -  -  - 401 1

There are some numbers after the 2 and 1, but I removed those for security as I am not sure what they represent.