I'm developing a web application on .NET Core 1.1, with both a Web API and an MVC application. I'm hitting an issue when I attempt to call the Web API from within the application when it's being hosted on IIS.
I have both the MVC and API application on the same IIS Web Site, and both have Windows Authentication (with NTLM/Negotiate providers) enabled.
I have forwardWindowsAuthToken=true in the web.config.
I can directly call the API URL from Postman/Web Browser and receive JSON results
All API calls are being made in an HttpClient with a constructor of an HttpClientHandler that has UseDefaultCredentials = true
If I run the MVC application on my desktop (I.E. through visual studio w/ debugging) and have it pointed at the Web API on the IIS web site, I get proper JSON results and no 401 error.
Changing the hosting URL on the MVC application to localhost instead of the fully qualified URL has no effect on the issue
I think it has something to do with ASP.NET Core not forwarding the correct credentials to the Web API from my MVC application. I've spent a few hours trying to find someone in the exact same situation, but most solutions and questions had a slightly different variation than this, and the solutions posed for those did nothing for me.
Can anyone shed some light on this issue or point out what I'm doing improperly? Here's an example of an API Call I would make for a base index page...
public async Task<IncidentWrapper> GetIndex(int limit, int offset)
{
using (var client = new HttpClient(new HttpClientHandler { UseDefaultCredentials = true }))
{
var response = await client.GetStringAsync("https://<some.server.name>/<appname>/api/v1/Incidents?limit=10&offset=0");
return JsonConvert.DeserializeObject<IncidentWrapper>(response);
}
}
