NTLM authentication with .NET web API project

Hi!
I’m trying to get NTLM authentication to work with Postman 10.8 Desktop for a Web API built with .NET on Windows.
The Web API is the unadulterated Web API project created by Visual Studio 2022 (the WeatherForecast sample) and selecting “Windows” for authentication.
The API is self-hosted and being accessed via https with a local developer certificate.

I can successfully access the API using the built-in Swagger API test page in Edge on the same machine.

If I try accessing the API with Postman, I always get a 401 - Unauthorized reply.
I’ve tried every possibility for “NTLM Authentication”:

  • Entering username with or without domain
  • Setting the domain (and/or) workstation explicitly
  • Toggling the “Yes, disable retrying the request” check box.

What’s puzzling me is that no Header is being added for NTLM authentication.
For Basic Auth, I get an “Authorization: Basic …” header.
For NTLM I’d expect an “Authorization: NTLM …” header, but there is none.

Any idea what goes wrong?

Thanks in advance

Whoever reads this:
I’ve got the NTLM authenticated request from Postman to work by switching from self-hosting to letting the Web API be hosted in IIS Express.
That way, I can access the API through all the different ways: Swagger API test page in Edge, own test application using a .NET HttpClient or using Postman with NTLM authentication.

While it works now, I still fail to understand why self-hosting doesn’t work.

Perhaps someone can shed some light on this aspect?

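
An added diagnostic example (not part of the original posts, and not Postman or ASP.NET code): NTLM over HTTP is a multi-step challenge-response exchange, so the `WWW-Authenticate` headers on the 401 response and any `Authorization: NTLM …` value can be decoded to see which schemes the server offered and which handshake leg was reached. The function names and the sample exchanges are constructed for illustration; the script assumes Node.js.

```javascript
// Added diagnostic example; not code from the thread, Postman or ASP.NET.
// Every NTLM message starts with "NTLMSSP\0" followed by a 32-bit
// little-endian message type.
const NTLMSSP_SIGNATURE = Buffer.from('NTLMSSP\0', 'latin1');
const NTLM_MESSAGE_TYPES = { 1: 'NEGOTIATE', 2: 'CHALLENGE', 3: 'AUTHENTICATE' };

// Describe one WWW-Authenticate or Authorization header value.
function describeAuthHeader(value) {
  const [scheme, token = ''] = value.trim().split(/\s+/, 2);
  const result = { scheme, ntlmMessage: null };
  if (!token) return result; // bare challenge such as "NTLM" or "Negotiate"
  const raw = Buffer.from(token, 'base64');
  // A Negotiate token can also carry a raw NTLMSSP message, so check any scheme.
  if (raw.length >= 12 && raw.subarray(0, 8).equals(NTLMSSP_SIGNATURE)) {
    result.ntlmMessage = NTLM_MESSAGE_TYPES[raw.readUInt32LE(8)] || 'UNKNOWN';
  }
  return result;
}

// Summarise a captured exchange: schemes the server offered and the last
// NTLM handshake leg that was seen in either direction.
function summarizeExchange(headers) {
  const offered = new Set();
  let lastLeg = 'none';
  for (const { name, value } of headers) {
    const info = describeAuthHeader(value);
    if (name.toLowerCase() === 'www-authenticate') offered.add(info.scheme);
    if (info.ntlmMessage) lastLeg = info.ntlmMessage;
  }
  return { offered: [...offered], lastLeg };
}

// Constructed token: signature + type + zero padding, not a real NTLM message.
function constructedToken(type) {
  const body = Buffer.alloc(12);
  body.writeUInt32LE(type, 0);
  return Buffer.concat([NTLMSSP_SIGNATURE, body]).toString('base64');
}

// Constructed sample exchanges (not captured from the setup in the thread).
const completedHandshake = [
  { name: 'WWW-Authenticate', value: 'NTLM' },
  { name: 'Authorization', value: `NTLM ${constructedToken(1)}` },
  { name: 'WWW-Authenticate', value: `NTLM ${constructedToken(2)}` },
  { name: 'Authorization', value: `NTLM ${constructedToken(3)}` },
];
const challengeNotAnswered = [{ name: 'WWW-Authenticate', value: 'Negotiate' }];

console.log(summarizeExchange(completedHandshake));
console.log(summarizeExchange(challengeNotAnswered));
```

Feeding it the header values shown in the Postman Console for a failing request shows whether the 401 carried an NTLM challenge and whether any NTLM message was sent in reply.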