How to pass Windows Authentication credential from client to Web API service

Jim Last picture Jim Last · Oct 17, 2014 · Viewed 46.4k times · Source

Inside my corporate environment, I have IIS7.5 hosting both a Web API service and a separate website which makes calls into that service via the RestSharp library. Both are currently configured with Windows Authentication.

If I navigate to either one with a browser, I'm prompted to enter my windows credential, and everything works great... I get web pages that I want and the REST service spits out my data. The part I'm struggling to figure out is how to use a single credential to authentication both. I can't figure out how to either pass the Website's credential to the service (I tried impersonating but it didn't work), or to manually prompt the user for username/password and then authenticate them with "Windows".

Help a noob out?

Answer

Hafiz Attaullah Khwaja picture Hafiz Attaullah Khwaja · Oct 20, 2015

Settings for web API

  1. Enable Windows Authentication

Settings for web application

  1. Enable Windows Authentication
  2. Add <identity impersonate="true" /> in <system.web> of web.config
  3. Add the following in the web.config:

     <system.webServer>
         <validation validateIntegratedModeConfiguration="false" />
     </system.webServer>
    
  4. Enable Windows Authentication and ASP.NET Impersonation within IIS

You can use the following code to POST data to web API (and GET as well obviously)

using (var client = new WebClient { UseDefaultCredentials = true })
{
    client.Headers.Add(HttpRequestHeader.ContentType, "application/xml; charset=utf-8");
    byte[] responseArray = client.UploadData("URL of web API", "POST", Encoding.UTF8.GetBytes(XMLText));
    string response = Encoding.ASCII.GetString(responseArray);
}

NOTE: If you're still getting 401 errors you may need to use an IP address instead of a regular domain name for your URL (e.g.: 155.100.100.10 instead of mycompany.com)