We have a web application [the site] that normally uses windows authentication to connect to a web service [the api]. The web application is .NET Framework 4.5.1, ASP.NET MVC. Service is .NET Framework 4.7.1, ASP.NET web api and odata. This has been working fine for many years. Recently it has become time to migrate the service and application to a new server. Both things have been moved from the Windows Server 2012R2 staging server to the newer 2019 staging server. A production environment has been stood up on Windows Server 2022. The issue is in staging. Both of these systems are custom so there will not be any documentation on the internet about it.
The site runs and displays my windows username, so it is apparent that windows authentication is working in that way. The site can also connect to databases appropriately. The site normally calls the api from one of the controllers, as the site is basically an internal testing platform. The api and the site both do some amount of logging. On the api side of things it logs all of the requests it receives, displaying whether the request was authenticated and if so a username. I presently see logs in the database with usernames associated, so some other staging systems are successfully communicating with the api. It is apparently only the site that is having problems. The response from the api is 401 unauthorized. It should record the name of the user - in this case the MSA running the site's app pool - and return the appropriate response for the request.
The controller in the site which calls the api uses HttpClient.
HttpClientHandler handler = new HttpClientHandler()
{
UseDefaultCredentials = true
};
using (var client = new HttpClient(handler))
{
client.BaseAddress = new Uri(ConfigurationManager.AppSettings["ServiceUrl"]);
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
HttpResponseMessage response = client.PostAsJsonAsync("api/Action", actionRequest).Result;
if (response.StatusCode != System.Net.HttpStatusCode.Created)
{
model.Message = "Error: " + response.StatusCode.ToString() + " : " + response.ReasonPhrase;
return View(model);
}
It looks like there must be some IIS or server issue at play here because it is the exact same code deployed in both servers - I compared the web.config files for all the environments. But I am not a master of IIS or server level configurations. I am not really sure what to even look for in this system that was originally set up by someone else over a decade ago. Normally when I create a new web application I am not encountering issues like this. Best I can do is look at the app pool configuration, the site authentication settings and see if they match up. And it looks like they do. I tried asking copilot about it but it did not give me much more useful information.