I'm migrating SSRS WCF client from .Net Framework to .Net Standard using this article https://blogs.msdn.microsoft.com/dataaccesstechnologies/2017/09/19/reporting-services-web-services-with-net-core-2/
Previous version of client initialization looks like this:
var client = new ReportExecutionService
{
Url = url,
Credentials = new NetworkCredential(username, password, domain)
});
and here is a code for the new version:
var basicHttpBinding = new BasicHttpBinding(BasicHttpSecurityMode.TransportCredentialOnly);
basicHttpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;
var endpointAddress = new EndpointAddress(url);
var client = new ReportExecutionServiceSoapClient(basicHttpBinding, endpointAddress);
client.ClientCredentials.Windows.ClientCredential = new NetworkCredential(username, password, domain);
The new client fails with 401 error. I've checked requests using Fiddler, both have similar auth token format:
Authorization: NTLM long_base64_string
But the value is different. NetworkCredential is initialized with the same values. What could be the reason of different tokens? Is there a way to decode these tokens to check what is actually sent in both cases? Regular base64 decode gives me a string that starts with NTLMSSP, followed by some binary data
Finally resolved by setting AllowedImpersonationLevel:
client.ClientCredentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation;