Search code examples
c#asp.nethttphttp2http.sys

Seems like HTTP/2 not working with authentication provided by Http.Sys in asp.net

Imagine i have two services on the same domain : https://example.com:5001 and https://example.com:5002

https://example.com:5001 has http.sys settings like this

.UseHttpSys(options =>
{
  options.Authentication.Schemes =
  AuthenticationSchemes.NTLM |
  AuthenticationSchemes.Negotiate;
  options.Authentication.AllowAnonymous = false;
  options.UrlPrefixes.Add("https://example.com:5001");
});

And https://example.com:5002 has this options:

.UseHttpSys(options =>
{
  options.AllowSynchronousIO = false;
  options.EnableResponseCaching = false;
  options.UrlPrefixes.Add("https://example.com:5002");
})

When i send request to first service i get different issues:

  1. Via HttpClient -> WinHttpHandler:
var handler = new WinHttpHandler()
{
  SslProtocols = SslProtocols.Tls12,
  ServerCredentials = CredentialCache.DefaultCredentials
};
           
var httpClient = new HttpClient(handler)
{
  DefaultRequestVersion = HttpVersion.Version20,
};

var response = httpClient.GetAsync("https://example.com:5001").Result;

Response have StatusCode 200, but protocol version downgrades to 1.1

  1. Via HttpClient -> HttpClientHandler:
var handler = new HttpClientHandler()
{
  SslProtocols = SslProtocols.Tls12,
  Credentials = CredentialCache.DefaultCredentials
};
           
var httpClient = new HttpClient(handler)
{
  DefaultRequestVersion = HttpVersion.Version20,
};

var response = httpClient.GetAsync("https://example.com:5001").Result;

Response have StatusCode 401, Unauthorized, and protocol version 2.0

  1. Via HttpWebRequest:
var webRequest = (HttpWebRequest)WebRequest.Create("https://example.com:5001");
webRequest.Credentials = CredentialCache.DefaultCredentials;
webRequest.Method = WebRequestMethods.Http.Get;
webRequest.ProtocolVersion = HttpVersion.Version20;

Throws exception : Only HTTP/1.0 and HTTP/1.1 version requests are currently supported. (Parameter 'value')

All same requests to https://example.com:5002 have status code 200 and protocol version HTTP/2

I suppose that the authentication not working properly with HTTP/2 in http.sys, or i am doing something wrong.

Any ideas how this might work correctly? Thank you in advance!

Solution

  • I found that http/2 does not support Windows Authentication. More details here: https://learn.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported