Answer a question

I have some .NET Core 3.1 code that makes a call to a WCF service:

     var endpoint = new EndpointAddress("https://my-url");
     var client = new MyClient(MyClient.EndpointConfiguration.basicHttpBindingMy, endpoint);

     client.ClientCredentials.Windows.ClientCredential = new NetworkCredential("api username", "api password");
     client.GetStuff();

Auto-generated code by Visual Studio for the binding:

    System.ServiceModel.BasicHttpBinding result = new System.ServiceModel.BasicHttpBinding();
    result.MaxBufferSize = int.MaxValue;
    result.ReaderQuotas = System.Xml.XmlDictionaryReaderQuotas.Max;
    result.MaxReceivedMessageSize = int.MaxValue;
    result.AllowCookies = true;
    result.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport;
    result.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows;

Problem

This works perfectly on Windows, but when run in a Linux container (based on docker image mcr.microsoft.com/dotnet/runtime:3.1), I get this error:

System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate, NTLM'.

Attempted solutions

I tried the following solutions I found elsewhere, but they do not seem to make a difference to this:

1. Called in main(): AppContext.SetSwitch("System.Net.Http.UseSocketsHttpHandler", false);

2. Added to Dockerfile: apt-get update && apt-get install -y --no-install-recommends apt-utils gss-ntlmssp

Answers

I finally found the issue! It turned out to be caused by external factors, that had corrupted part of the login credentials during de-serialization, so the above code was not even the cause :/