Status 401 (error code 80090308) when using .NET client and HTTP 1.0 protocol

281 views

Skip to first unread message

Olivier Jaquemet

unread,

Dec 12, 2013, 5:23:52 AM12/12/13

to waffle...@googlegroups.com

Hi All,

An information for other users which might encounter this behavior.

If you are developing a network client in .NET in which your want automatic authentication from Kerberos, for example using this code :

http://msdn.microsoft.com/en-us/library/system.net.credentialcache.defaultcredentials(v=vs.110).aspx

Do NOT set the following option on your .NET client WebRequest :

request.ProtocolVersion = HttpVersion.Version10;

Otherwise Tomcat + Waffle filter will not be able to validate the token and will return a 401 :

DEBUG w.servlet.NegotiateSecurityFilter - GET /waffle-filter/index.jsp, contentlength: -1

DEBUG w.s.s.NegotiateSecurityFilterProvider - security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:52440

DEBUG w.s.s.NegotiateSecurityFilterProvider - token buffer: 121 byte(s)

WARN w.servlet.NegotiateSecurityFilter - error logging in user: The token supplied to the function is not valid

Adding more debug code in WindowsAuthProviderImpl.acceptSecurityToken indicates Secur32.INSTANCE.AcceptSecurityContext returns error code 80090308

Worth noting that the same .NET client would work and be authenticated properly with IIS windows authentication which might circumvent the protocol limitation in other way.

It might be obvious for some of you but I lost too much time with this as we had a legacy client in which this option had been forced :)

Olivier

PS : observed with Tomcat 6.0.35, Waffle 1.5

Daniel Doubrovkine

unread,

Dec 12, 2013, 8:11:33 AM12/12/13

to waffle...@googlegroups.com

Could you please contribute this into the FAQ? I realize we don't even have a full example of using a .NET client to talk to IIS or Tomcat/Waffle. - https://github.com/dblock/waffle/blob/master/Docs/FAQ.md. Thanks.

--
You received this message because you are subscribed to the Google Groups "waffle" group.
To unsubscribe from this group and stop receiving emails from it, send an email to waffle-users...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

dB. | Moscow - Geneva - Seattle - New York
code.dblock.org - @dblockdotorg - artsy.net - github/dblock

Reply all

Reply to author

Forward

0 new messages