Windows Authentication: Login failed for user 'DOMAIN\MACHINE$'

0

I have seen many posts with the exact same error:

Microsoft.Data.SqlClient.SqlException (0x80131904): Login failed for user 'DOMAIN\MACHINE$'.

but the origin from this exception coud be quite different for each case, here is the explanation of mine:

I am building an API using asp.net core 3.1, the idea is that just some of the active directory users have access to the database behind the scenes.

When running the code from Visual Studio and IIS Express it connects fine, the process is using my active directory user by default to connect.

When publishing the API to my localhost IIS I get this:

  • Connecting from browser (Firefox) I get the exception, user is 'DOMAIN\MACHINE$', I get not even a prompt requesting the credentials.

  • Connecting from Postman, at the Auth tab I set Type NTLM Authentication, username, password and domain. Seems is not being used at all as I get same exception as with the Firefox.

  • Connecting from a console application I created for test purposes, I can get the data perfectly, the console process seems to really use the current user's credentials from windows.

Here the code from the console application:

static async Task<string> CallWebApiProtectedAsync(string webApiUrl) 
{
    try
    {
        var uri = new Uri(webApiUrl);
        var credentialsCache = new CredentialCache { { uri, "NTLM", CredentialCache.DefaultNetworkCredentials } };
        var handler = new HttpClientHandler { Credentials = credentialsCache };
        var httpClient = new HttpClient(handler) { BaseAddress = uri, Timeout = new TimeSpan(0, 0, 10) };
        httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
        var response = httpClient.GetAsync(webApiUrl).Result;
        return await response.Content.ReadAsStringAsync();
    }
    catch (Exception ex)
    {
        Console.WriteLine("Exception in CallWebApiProtectedAsync("+webApiUrl+"):\n" + ex.Message);
        return null;
    }
}

My goal is to get the API also working for Postman and Firefox, in order to test it in a more flexible way.

Probably I have screwed up any setting from the ASP.NET application itself or from the IIS, not sure at all, I am quite new into this... here some of the settings that may help you to catch the root of all this.

ASP.NET Core API connection string:

Server=SERVERNAME;Database=DATABASENAME;Trusted_Connection=False;Integrated Security=SSPI;");

I have also tried setting at the Startup class some options like:

app.UseAuthorization();
app.UseAuthentication();
services.AddAuthentication(HttpSysDefaults.AuthenticationScheme);
services.AddAuthentication(IISDefaults.AuthenticationScheme);
services.Configure<IISServerOptions>(options =>
{
    options.AutomaticAuthentication = false;
});        
services.Configure<IISOptions>(options =>
{
    options.ForwardClientCertificate = true;
});

But still same results.

IIS configuration for the Authentication is: Windows Authentication enabled. Rest of the entries are disabled (Anonymous, Basic and Digest).

Any idea or suggestion will be highly appreaciated :)

c#
asp.net-core
iis
sql-server-2008-r2
asp.net-core-webapi
asked on Stack Overflow Mar 11, 2020 by juagicre • edited Mar 11, 2020 by juagicre

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0