Skip to content

Bug Report: Authentication Validation Error (GenericFailure) in .NET8 #105574

Open
@korovindenis

Description

Description

When executing the provided code snippet in a .NET 8 project, an HttpRequestException is thrown with the message Authentication validation failed with error - GenericFailure. This issue occurs when attempting to send an HTTP request using HttpClient with Kerberos authentication and utilizing default credentials.

Reproduction Steps

  1. Create a new .NET 8 project.
  2. Add the following code to the Program.cs file:
using System.Net;
class Program
{
    static async Task Main(string[] args)
    {

        var handler = new HttpClientHandler
        {
            UseDefaultCredentials = true,
        };

        using (var client = new HttpClient(handler))
        {
            try
            {
                HttpResponseMessage response = await client.GetAsync("...");
                response.EnsureSuccessStatusCode();

            }
            catch (Exception ex)
            {
                Console.WriteLine(ex);
            }
        }
    }
}
  1. Run the project.

Expected behavior

The HTTP request is successfully sent, and the response is processed without any exceptions.

Actual behavior

System.Net.Http.HttpRequestException: Authentication validation failed with error - GenericFailure.
   at System.Net.Http.AuthenticationHelper.SendWithNtAuthAsync(HttpRequestMessage request, Uri authUri, Boolean async, ICredentials credentials, Boolean isProxyAuth, HttpConnection connection, HttpConnectionPool connectionPool, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.AuthenticationHelper.SendWithAuthAsync(HttpRequestMessage request, Uri authUri, Boolean async, ICredentials credentials, Boolean preAuthenticate, Boolean isProxyAuth, Boolean doRequestAuth, HttpConnectionPool pool, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
   at Program.Main(String[] args) in C:\...\Program.cs:line 16

Regression?

In .NET 6 this issue does not occur.

Known Workarounds

  • Changing the HTTP version to HTTP/1.0 by setting client.DefaultRequestVersion = HttpVersion.Version10.
  • Using .NET 6 where this issue does not occur.

Configuration

  • .NET SDK Version: .NET8

  • Operating System: Win10

  • Server: Using gokrb5 Kerberos library

Other information

The problem may be related to the following code added in .NET 8:

// Tail response for Negotiate on successful authentication. Validate it before we proceed.

Additionally, in the gokrb5 library, there is a constant used for the WWW-Authenticate header set to the client upon successful authentication with HTTP code 200 . Could this be related to the issue?

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    area-System.Net.Httpneeds-further-triageIssue has been initially triaged, but needs deeper consideration or reconsiderationtracking-external-issueThe issue is caused by external problem (e.g. OS) - nothing we can do to fix it directly

    Type

    No type

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions