C# / .Net

An anonymous request was received in between authentication handshake requests

By February 5, 2021August 18th, 2021No Comments

The Error

I was receiving this error while hosting a webapi project on .net 5, using kestrel.

fail: Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler[5]
      An exception occurred while processing the authentication request.
      System.InvalidOperationException: An anonymous request was received in between authentication handshake requests.
         at Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler.HandleRequestAsync()
fail: Microsoft.AspNetCore.Server.Kestrel[13]
      Connection id "0HM6A34N67LO5", Request id "0HM6A34N67LO5:00000005": An unhandled exception was thrown by the application.
      System.InvalidOperationException: An anonymous request was received in between authentication handshake requests.
         at Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler.HandleRequestAsync()
         at Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler.HandleRequestAsync()
         at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
         at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
         at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
         at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)

Symptoms

Windows authentication works just fine when debugging locally, however, fails when deployed to a server, or accessing remotely via dns, with this error: System.InvalidOperationException: An anonymous request was received in between authentication handshake requests.

How I corrected it.

My kestrel endpoints were configured to https://0.0.0.0:1234, with a certificate from myservice.mydomain.com.

I resolve the issue by setting my endpoint to https://myservice.mydomain.com:1234

Why am I blogging about this?

Because all of the advice I found while googling was incredibly unhelpful.

Git hub issue #1: Closed by microsoft bot… No help.

Stack Overflow #1: No help.

Stack Overflow #2: No Help

Stack Overflow #3: Links to GitHub Article stating windows auth is not supported.

Github Issue #2: States closed, does not work by design.

Relevant Microsoft Documentation: Tells me to set my SPN and/or to use HTTP.sys instead of kestrel.

So, If I helped a single person, by taking the 5 minutes to write this article, it has served its purpose.

If you do stumble upon this, and it helps you, leave a comment down below.

Update 8/18/2021

This issue happened to me again today. After googling around, I found my own article I had written (this one).

Well, no dice this time. However- updating the SPN records did correct it.

I had to run

setspn -S HTTP/myserver.mydomain.com myserviceaccount

for each of my servers, and then the issue went away.

Leave a Reply

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 85 other subscribers

%d bloggers like this: