Hi there!
I'm trying to access data from our on-premise Dynamics (v8) via OData WebService using RestSharp / System.Net.Http but in this case i'm kind of stuck. I fiddled around a couple of days now and the problem seems to be somewhere around the authentication but I don't know what I'm doing wrong. The URL I'm sending a GET-Request to is
https://host.fqdn/systemenv01/api/data/v8.2/$metadata
using a valid windows domain user account which is able to log on to the dynamics normally.
When I try this in Firefox or the latest version of Postman (v7.36) using NTLM-Auth I get a proper metadata xml as the result. But when I try the same using RestSharp or simply System.Net.Http I only get a HTTP401-Unauthorized as response. What I tried to do is setting the user credentials as NetworkCredentials like
var client = new RestClient(Url);
var request = new RestRequest(Method.GET);
client.FollowRedirects = true;
client.Timeout = -1;
client.PreAuthenticate = true;
request.Credentials =
new NetworkCredential(User, Password);
but this doesn't seem to make any difference at all. Interestingly the response contains a Header with name "WWW-Authentication" and value "Negotiate
some.encrypted.string
" but I don't know what I should use this for. Would be great if someone could help me get this solved!
Thanks in advance!
regards
Markus
Hi folks,
after another couple of hours of googling through the internet and fiddling around this problem I found something very interesting.
The authentication works perfectly when I replace the domain name of the Dynamics system by its IP address. I do not know this for sure but this domain is below the TLD .dev which has HSTS activated by default (thanks google!). I even tried connecting using another FQDN from another TLD (which was .net) and this worked perfectly as well.
Therefore I conclude the issue is originated in the configuration and handling of HSTS.
Thanks to all!
Kind regards
Markus
Hi,grinsehinze-6718
The HTTP
401
Unauthorized client error status response code indicates that
the request has not been applied
because it lacks valid authentication credentials
for the target resource.
To authenticate through the server, you can add credentials in the Authorization request header (Using
RestSharp
(also this link)
or
HttpClient
):
RestSharp:
var client = new RestClient("http://example.com");
client.Authenticator = new SimpleAuthenticator("username", "foo", "password", "bar");
var request = new RestRequest("resource", Method.GET);
HttpClient:
client.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Basic",Convert.ToBase64String(byteArray));
About why you can work on firefox, you could have already authenticated on firefox while you didn't do the same on the other browsers.
Best Regards,
Jerry Cai
If the answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi JerryCai-MSFT,
for starters, thank you very much for your answer!
I tried applying the Authentication using the SimpleAuthenticator or setting the AuthHeaderValue directly but that doesn't help. As I stated in my initial question, the server response includes a header value "WWW-Authenticate = Negotiate".
After some googling I came across this article which describes this kind of response as the server requires a Kerberos ticket for authorization. Sadly, implementing this in a prototype program using Nuget-Package Kerberos.NET did not lead to success.
The difference between the browsers is somewhere way deeper in their code. I tried monitoring them through their build-in dev-tools.
In Firefox I see three requests that are kind of bundled to one. I can only watch details of the last request which contains a request-header "Authorization = NTLM encryptedtoken". This request is honored with a HTTP200 with valid metadata by the server.
Whereas in Edge Chromium there is just one request reoccuring every time I provide the user credentials the browser is prompting for.
Thank you for you assistance!
Best regards
Markus
