Skip to main content
C# / .Net

An anonymous request was received in between authentication handshake requests

By February 5, 2021August 18th, 20212 Comments

The Error

I was receiving this error while hosting a webapi project on .net 5, using kestrel.

fail: Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler[5]
      An exception occurred while processing the authentication request.
      System.InvalidOperationException: An anonymous request was received in between authentication handshake requests.
         at Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler.HandleRequestAsync()
fail: Microsoft.AspNetCore.Server.Kestrel[13]
      Connection id "0HM6A34N67LO5", Request id "0HM6A34N67LO5:00000005": An unhandled exception was thrown by the application.
      System.InvalidOperationException: An anonymous request was received in between authentication handshake requests.
         at Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler.HandleRequestAsync()
         at Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler.HandleRequestAsync()
         at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
         at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
         at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
         at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)

Symptoms

Windows authentication works just fine when debugging locally, however, fails when deployed to a server, or accessing remotely via dns, with this error: System.InvalidOperationException: An anonymous request was received in between authentication handshake requests.

How I corrected it.

My kestrel endpoints were configured to https://0.0.0.0:1234, with a certificate from myservice.mydomain.com.

I resolve the issue by setting my endpoint to https://myservice.mydomain.com:1234

Why am I blogging about this?

Because all of the advice I found while googling was incredibly unhelpful.

Git hub issue #1: Closed by microsoft bot… No help.

Stack Overflow #1: No help.

Stack Overflow #2: No Help

Stack Overflow #3: Links to GitHub Article stating windows auth is not supported.

Github Issue #2: States closed, does not work by design.

Relevant Microsoft Documentation: Tells me to set my SPN and/or to use HTTP.sys instead of kestrel.

So, If I helped a single person, by taking the 5 minutes to write this article, it has served its purpose.

If you do stumble upon this, and it helps you, leave a comment down below.

Update 8/18/2021

This issue happened to me again today. After googling around, I found my own article I had written (this one).

Well, no dice this time. However- updating the SPN records did correct it.

I had to run

setspn -S HTTP/myserver.mydomain.com myserviceaccount

for each of my servers, and then the issue went away.

Join the discussion 2 Comments

  • Frank says:

    Thank you for this post! It served as a great starting point for troubleshooting this issue. One thing that I could not for the life of me figure out was a way to configure kestrel to listen to a specific non ip url while also having it configured for https. It seems that one of these would always override the other. If you have ben able to do this, could you post how? For the time being I have resorted to using http.sys to serve my api, but I would prefer to use kestrel.

    • XO says:

      Excellent!

      If this post has saved a single person the nearly full day of troubleshooting It took me to identify and resolve this issue- that makes it all worth the time of posting! When I ran into this issue, I was not able to find many resources to assist.

      Regarding your second post- I listen on 0.0.0.0:443, using kestrel. I have not ran into any issues.

Leave a Reply

Close Menu

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 93 other subscribers
%d bloggers like this: