I've got a .net core 7 microservice hosted in docker/kubernetes. Service must invoke external api which use Windows Authentication. Is there any way to use httpclient with ntlm auth inside docker container or maybe other solutions? I was spend several days investigating this problem but didn't find any worked solution.
I've tried this approach
我在docker/kubernetes中托管了一个.Net core 7微服务。服务必须调用使用Windows身份验证的外部API。有没有办法在码头容器或其他解决方案中使用带有NTLM身份验证的HttpClient?我花了几天时间调查这个问题,但没有找到任何有效的解决方案。我试过这种方法
builder.Services.AddHttpClient(nameof(TFSClient), client =>
{
client.BaseAddress = new Uri(clientsOpttions.Url);
})
.ConfigurePrimaryHttpMessageHandler(_ => new HttpClientHandler
{
Credentials = new CredentialCache {
{
new Uri(clientsOpttions.Url), "NTLM", new NetworkCredential(ntlmOpttions.User, ntlmOpttions.Password, ntlmOpttions.Domain)
}
}
});
And then resolving it with
然后通过以下方式解决
var client = _httpClientFactory.CreateClient(nameof(TFSClient));
var result = await client.GetAsync(_allProjectsUri);
But still got 401
但还是得到了401
更多回答
优秀答案推荐
if you haven't found a solution yet. Try adding to the docker file after FROM mcr.microsoft.com/dotnet/aspnet:7.0 AS base
如果你还没有找到解决方案的话。尝试从mcr.microsoft.com/dotnet/aspnet:7.0添加到docker文件后作为基础
RUN apt-get update && apt-get -y install gss-ntlmssp
and also add in client Default Request Headers:
还可以添加客户端默认请求标头:
builder.Services.AddHttpClient(nameof(TFSClient), client =>
{
client.BaseAddress = new Uri(clientsOpttions.Url);
client.DefaultRequestHeaders.Connection.Add("Keep-Alive");
})
.ConfigurePrimaryHttpMessageHandler(_ => new HttpClientHandler
{
Credentials = new CredentialCache {
{
new Uri(clientsOpttions.Url), "NTLM", new NetworkCredential(ntlmOpttions.User, ntlmOpttions.Password, ntlmOpttions.Domain)
}
}
});
All I was needed to do is use Negotiate instead NTLM
我所需要做的就是使用协商而不是NTLM
builder.Services.AddHttpClient(nameof(TfsProjectsClient), client =>
{
client.BaseAddress = new Uri(tfsClientsOpttions.ProjectsUrl);
})
.ConfigurePrimaryHttpMessageHandler((s) =>
{
return new HttpClientHandler
{
PreAuthenticate = true,
UseProxy = false,
UseDefaultCredentials = false,
Credentials = new CredentialCache
{
{
new Uri(tfsClientsOpttions.ProjectsUrl), "Negotiate", new NetworkCredential(credentialOpttions.User, credentialOpttions.Password, credentialOpttions.Domain)
}
}
};
});
更多回答
我是一名优秀的程序员,十分优秀!