none
Getting a 401 Unauthorized after upgrading to Web API 2.0 and Microsoft.Net.Http 2.2.15

    Question

  • Hi all,

    I'm suddenly getting 401 Unauthorized errors after having upgraded to Web API 2.0.

    I have made no other changes except upgrading to Web API 2.0 on the server and Nuget package "Microsoft HTTP Client Libraries" version 2.2.15 on the client (Silverlight).

    The 401 errors appears to happen randomly, which makes it really hard to debug.

    Anyone else having issues with this upgrade?

    -Thanks!

    Edit : I get an 401.2 Unaouthorized: Logon failed due to server configuration.
    • Edited by ToreS Wednesday, October 23, 2013 2:15 PM
    Wednesday, October 23, 2013 1:54 PM

Answers

  • Hi, thanks for the reply!

    I was able to figure this out. There were a few issues involved regarding other parts of the Application and I'm not sure why it had worked properly up until now. Both anonymous and Windows auth were enabled, and the Web API services requires Windows auth, so I had to disable anonymous auth.

    The second part I had to do was change how the HttpClient was instantiated. Before, the parameterless constructor was used, but I had to change it to use the one that takes in HttpClientHandler and set the "UseDefaultCredentials" property to true, so that auth info is passed along with the request.

    protected HttpClient CreateHttpClient()
            {
                HttpClientHandler handler = new HttpClientHandler();
                handler.UseDefaultCredentials = true;
                var client = new HttpClient(handler, true) { BaseAddress = this._uri };
                return client;
            }

    The reason I had to do this is because the Web API exposes http PUT and DELETE methods, so I

    had to use the Client stack instead of the browser stack when making requests.

    WebRequest.RegisterPrefix(string.Concat(_path, "api/"), WebRequestCreator.ClientHttp);                

    • Marked as answer by ToreS Friday, October 25, 2013 8:02 AM
    Friday, October 25, 2013 8:01 AM

All replies

  • Hi,

    According to the error message, I’d like to suggest you to do the following steps:

    1.From the Start menu, point to Programs, point to Administrative Tools, and then click Internet Services Manager.

    2.Under the Tree pane, browse to the desired Web site.

    3.Right-click the Web site, and then click Properties.

    4.On the Directory Security tab, under Anonymous access and authentication control, click Edit.

    5.Select (and implement) at least one type of authentication method.

    You can check the  link below for details:

    Error Message: HTTP 401.2 - Unauthorized: Logon Failed Due to Server Configuration with No Authentication

    http://support.microsoft.com/kb/253667


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Thursday, October 24, 2013 11:47 AM
  • Hi, thanks for the reply!

    I was able to figure this out. There were a few issues involved regarding other parts of the Application and I'm not sure why it had worked properly up until now. Both anonymous and Windows auth were enabled, and the Web API services requires Windows auth, so I had to disable anonymous auth.

    The second part I had to do was change how the HttpClient was instantiated. Before, the parameterless constructor was used, but I had to change it to use the one that takes in HttpClientHandler and set the "UseDefaultCredentials" property to true, so that auth info is passed along with the request.

    protected HttpClient CreateHttpClient()
            {
                HttpClientHandler handler = new HttpClientHandler();
                handler.UseDefaultCredentials = true;
                var client = new HttpClient(handler, true) { BaseAddress = this._uri };
                return client;
            }

    The reason I had to do this is because the Web API exposes http PUT and DELETE methods, so I

    had to use the Client stack instead of the browser stack when making requests.

    WebRequest.RegisterPrefix(string.Concat(_path, "api/"), WebRequestCreator.ClientHttp);                

    • Marked as answer by ToreS Friday, October 25, 2013 8:02 AM
    Friday, October 25, 2013 8:01 AM
  • Hi, thanks for the reply!

    I was able to figure this out. There were a few issues involved regarding other parts of the Application and I'm not sure why it had worked properly up until now. Both anonymous and Windows auth were enabled, and the Web API services requires Windows auth, so I had to disable anonymous auth.

    The second part I had to do was change how the HttpClient was instantiated. Before, the parameterless constructor was used, but I had to change it to use the one that takes in HttpClientHandler and set the "UseDefaultCredentials" property to true, so that auth info is passed along with the request.

    protected HttpClient CreateHttpClient()
            {
                HttpClientHandler handler = new HttpClientHandler();
                handler.UseDefaultCredentials = true;
                var client = new HttpClient(handler, true) { BaseAddress = this._uri };
                return client;
            }

    The reason I had to do this is because the Web API exposes http PUT and DELETE methods, so I

    had to use the Client stack instead of the browser stack when making requests.

    WebRequest.RegisterPrefix(string.Concat(_path, "api/"), WebRequestCreator.ClientHttp);                

    Worked for me thanks!
    Monday, October 22, 2018 5:12 AM