We have developed a WPF Application with C# and are using RestSharp to communicate with a simple Web Service like this:
Client = new RestClient(serviceUri.AbsoluteUri);
Client.Authenticator = new NtlmAuthenticator(SvcUserName, SvcPassword.GetString());
It all worked great until we received calls that on some machines (most work) the app can't connect to the service. A direct call to the service method with fiddler worked. Then we extracted a small .net console app and tried the service call with RestSharp and directly with a HttpWebRequest and it failed again with 401. Now we enabled System.Net tracing and noticed something. After the first 401, which is normal,the faulty machine produces this log:
System.Net Information: 0 : [4480] Connection#3741682 - Received headers { Connection: Keep-Alive Content-Length: 1293 Content-Type: text/html Date: Mon, 10 Aug 2015 12:37:49 GMT Server: Microsoft-IIS/8.0 WWW-Authenticate: Negotiate,NTLM X-Powered-By: ASP.NET }. System.Net Information: 0 : [4480] ConnectStream#39451090::ConnectStream(Buffered 1293 bytes.) System.Net Information: 0 : [4480] Associating HttpWebRequest#2383799 with ConnectStream#39451090 System.Net Information: 0 : [4480] Associating HttpWebRequest#2383799 with HttpWebResponse#19515494 System.Net Information: 0 : [4480] Enumerating security packages: System.Net Information: 0 : [4480] Negotiate System.Net Information: 0 : [4480] NegoExtender System.Net Information: 0 : [4480] Kerberos System.Net Information: 0 : [4480] NTLM System.Net Information: 0 : [4480] Schannel System.Net Information: 0 : [4480] Microsoft Unified Security Protocol Provider System.Net Information: 0 : [4480] WDigest System.Net Information: 0 : [4480] TSSSP System.Net Information: 0 : [4480] pku2u System.Net Information: 0 : [4480] CREDSSP
System.Net Information: 0 : [4480] AcquireCredentialsHandle(package = NTLM, intent = Outbound, authdata = (string.empty)\corp\svc_account)
System.Net Information: 0 : [4480] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = HTTP/mysvc.mycorp.com, inFlags = Delegate, MutualAuth, Connection) System.Net Information: 0 : [4480] InitializeSecurityContext(In-Buffers count=1, Out-Buffer length=40, returned code=ContinueNeeded).
A working machine produces this output:
System.Net Information: 0 : [3432] Connection#57733168 - Empfangene Statusleiste: Version = 1.1, StatusCode = 401, StatusDescription = Unauthorized. System.Net Information: 0 : [3432] Connection#57733168 - Header { Content-Type: text/html Server: Microsoft-IIS/8.0 WWW-Authenticate: Negotiate,NTLM X-Powered-By: ASP.NET Date: Mon, 10 Aug 2015 15:15:11 GMT Content-Length: 1293 } wurden empfangen. System.Net Information: 0 : [3432] ConnectStream#35016340::ConnectStream(Es wurden 1293 Bytes gepuffert.) System.Net Information: 0 : [3432] Associating HttpWebRequest#64062224 with ConnectStream#35016340 System.Net Information: 0 : [3432] Associating HttpWebRequest#64062224 with HttpWebResponse#64254500 System.Net Information: 0 : [3432] Sicherheitspakete werden enumeriert: System.Net Information: 0 : [3432] Negotiate System.Net Information: 0 : [3432] NegoExtender System.Net Information: 0 : [3432] Kerberos System.Net Information: 0 : [3432] NTLM System.Net Information: 0 : [3432] Schannel System.Net Information: 0 : [3432] Microsoft Unified Security Protocol Provider System.Net Information: 0 : [3432] WDigest System.Net Information: 0 : [3432] TSSSP System.Net Information: 0 : [3432] pku2u System.Net Information: 0 : [3432] CREDSSP
System.Net Information: 0 : [3432] AcquireCredentialsHandle(package = Negotiate, intent = Outbound, authdata = System.Net.SafeSspiAuthDataHandle) System.Net Information: 0 : [3432] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = HTTP/mysvc.mycorp.com, inFlags = Delegate, MutualAuth, Connection)
System.Net Information: 0 : [3432] InitializeSecurityContext(Anzahl von In-Buffers = 1, Länge von Out-Buffer = 40, zurückgegebener Code = ContinueNeeded).
I wonder if some configuration on the faulty machine would cause this. At the moment I am not sure where to look next.
Update: Here is the Code of our simple test tool:
RestClient Client = new RestClient("https://mysvc.mycorp.com/service.svc");
Client.Authenticator = new NtlmAuthenticator("corp\\svc_account", "mypassword");
var request = new RestRequest("api/Method", Method.POST);
request.RequestFormat = DataFormat.Json;
request.AddBody(new { Device_Key = "somestring" });
request.Timeout = 200000;
RestResponse response = (RestResponse)Client.Execute(request);
Update 2: We have now confirmed that this Problem only occurs on newly installed win 7 machines that have an updated corporate Image. Almost Looks like some update in the last 2 months is screwing with us.