I have two sites, A and B. A uses the API provided by B, and B requires Windows authentication. Both sites live in domain D.
The API is used through HttpClient, and when site A runs locally, under my domain account (which is in domain P), access is granted. In this case, the HttpClient is created as follows:
using (var client = new HttpClient(new HttpClientHandler { UseDefaultCredentials = true }))
When A is deployed to a test server, the above leads to a 401 Unauthorized response. The application pool on the test server runs under a service account in domain D.
When explicitly using this service account, like this:
var credential = new NetworkCredential("service-account", "password", "D");
var cache = new CredentialCache { { new Uri(apiServerUri), "NTLM", credential } };
var handler = new HttpClientHandler { Credentials = cache };
using (var client = new HttpClient(handler))
...
And again, with site A running locally, access is still granted. Access is also granted when accessing the API directly through the browser and specifying the credentials of the service account. Logs indicate that it is definitely the service account that is used to access the API.
Deploying the above on the test server still results in 401 Unauthorized.
Deploying site A on a local IIS instance also successfully uses API B.
Running site B locally, and then accessing it through site A locally, results in 401 Unauthorized.
Accessing the API through a browser on the test server, where deployed, and specifying the credentials of the service account, also gives a 401 Unauthorized.
I'm not sure where to go from here - did I miss something in the code to make this work? Or could it be an IIS or AD problem?