New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Net 6 httpclient 401 large requests #100200
Comments
@Harpush this is not actionable with the information provided. We would need packet captures, and at least some code from the client side to see what your application is doing. |
Sure I will add a code snippet - though it is pretty standard (http client with winhttphandler). |
On Windows the easiest way is Wireshark.
Any reason for not switching to SocketsHttpHandler? |
I hope I can use it on the machine... Not sure IT will approve of it. SocketsHttpHandler has a weird bug that kerberos delegation second hop to a wcf service always fail (net core to net framework to wcf). |
I think this may be dup of #29587 but it is hard to know without more details. But it would not explain why that happens only on large requests. There is logic to abandon large bodies instead of draining them. I would also suggest to set |
@antonfirsov The code is something close to (don't have the code in front of me): string res = await WindowsIdentity.RunImpersonatedAsync(
((WindowsIdentity)_httpContextAccessor.HttpContext.User.Identity).AccessToken,
async () =>
{
WinHttpHandler handler = new WinHttpHandler()
{
ServerCredentials = CredentialCache.DefaultCredentials,
SendTimeout = TimeSpan.FromMinutes(30),
ReceiveDataTimeout = TimeSpan.FromMinutes(30),
ReceiveHeadersTimeout = TimeSpan.FromMinutes(30)
};
using (HttpClient client = new HttpClient(handler))
{
HttpRequestMessage msg = await client.SendAsync(...);
return await msg.Content.ReadAsStringAsync();
}
}
); @wfurt I am pretty sure I tried it to no avail - but just to make sure can you explain where to set it? |
I am not sure if it is related... The odd behavior in my case is it doesn't happen always on large requests but pretty often. On small requests it never happens. And when doing cross machines calls the problem doesn't exist too. It only happens when calling the same machine I am on through DNS and kerberos SPN as IP works and localhost works. It happens even when there is no load balancer and one machine only. |
Expect 100-continue: https://learn.microsoft.com/en-us/dotnet/api/system.net.http.headers.httprequestheaders.expectcontinue?view=net-8.0 Packet capture for the 401 error would be probably the best now. This is still non-actionable for us as it is now. |
Was on a vacation... I have yet to succeed with Wireshark as I haven't got IT approval for it. |
So I tried Wireshark. It seems I can't make it work for loopback calls. The machine calls itself (to another iis pool) and Wireshark can't seem to record loopback card. |
Install |
This issue has been marked |
Description
I am migrating a net framework app to net 6. The app uses kerberos with delegation and impersonation. The net 6 app is self contained on iis with both windows and anonymous enabled. Httpclient uses WinHttpHandler with defaults credentials cache.
The app calls another net framework app (unchanged and works). After upgrading to net 6 I am getting sporadic 401 errors. It only happens when both apps are on the same machine (two pools) and when going through DNS name (with SPN configured for kerberos) and only with large post body requests.
When sending small body in those posts request everything works fine. Same if calling the same machine IP directly and same when calling the framework app on another machine.
It doesn't always happen but the larger the request the more often it happens.
Reproduction Steps
Not sure it is possible with all those specific setups...
Expected behavior
Should always work without those 401
Actual behavior
Getting sporadic 401
Regression?
Worked in net framework with web client
Known Workarounds
No response
Configuration
Net 6 self contained on iis
Other information
No response
The text was updated successfully, but these errors were encountered: