How can I generate my own SPNEGO http header in a C# client, please? RRS feed

  • Question

  • Sorry if this is off-topic, if so then do please say, but I first asked in the WCF forum and a moderator there has suggested I post here and in windowssecurity.
    I use a WCF WebHttpBinding client to consume services (which are actually hosted by a Linux JBoss server) and use Windows Authentication via a Kerberos ticket in a SPNEGO token.
    The trouble is that I see two http requests per service call, one without an Authorize header, a 401 response then a second with the SPNEGO.  Now, no doubt this is all RFC-4559 compliant, but I would like to be able to avoid the doubled round trip overhead.  There is no direct provision in the WCF WebHttpBinding to do this.
    I can though add an endpoint behavior to add my own http header, I would like to use that to provide SPNEGO on the first request, but what I don't know is how to construct and serialize an SPNEGO, say for my client's default credentials, in C#.
    If I have it right, then I know what authorization my service will accept (Kerberos) so I shouldn't need the initial 401 response.  I think I have seen others do this for say Basic Authentication, but then constructing the header is very simple.
    Thanks in anticipation
    Friday, November 4, 2011 1:54 PM


All replies