c# - Replicate cURL Command Using Redirect and Cookies in .Net Core 3.1

Question

This one seems a long shot. But I have seen several answers that indicate that HttpClient (and similar) should be used when cURL is needed in a .Net Core Application.

I have the following cURL command (that works perfectly):

curl -v -L --negotiate -u : -b ~/cookiejar.txt  "https://idp.domain.net/oauth2/authorize?scope=openid&response_type=code&redirect_uri=https://localhost:5001&client_id=client_id_here"

The flow of this command goes like this:

1. Loads the provided url (https://idp.domain.net/oauth2/authorize....)
2. Gets a 302 response to redirect to https://idp.domain.net/iwa-kerberos?state=state_guid_here
   • Because the -L option is there, it follows the redirect
3. The redirect responds with a 401 (Unauthorized) with a www-authenticate:Negotiate header.
4. cURL sees the www-authenticate:Negotiate header and gets a Kerberos token from the operating system (because of the --negotiate and -u options).
5. cURL calls the redirect url (https://idp.domain.net/iwa-kerberos?state=state_guid_here) with an additional header of Authorization: Negotiate <kerberos token here>.
6. A response of 302 returned redirecting to https://idp.domain.net/commonauth?state=state_guid_here&iwaauth=1 with an added cookie
   • Because of the -b option, the cookie is picked up by cURL.
7. cURL calls the redirect url (https://idp.domain.net/commonauth?state=state_guid_here&iwaauth=1) with the cookie returned in the 302 of the previous step.
8. Another 302 redirect is returned. Redirecting to https://idp.domain.net/oauth2/authorize?sessionDataKey=session_key_guid_here with more cookies. (Again picked up because of the -b option.)
9. The redirect to https://idp.domain.net/oauth2/authorize?sessionDataKey=session_key_guid_here is followed with the added cookies.
10. Another 302 redirect is returned to https://localhost:5001/?code=code_guid_here&session_state=session_state_here (with an added cookie).
11. cURL folows the redirect to https://localhost:5001/?code=code_guid_here&session_state=session_state_here with the added cookie.
12. Contents of https://localhost:5001/?code=code_guid_here&session_state=session_state_here are returned to the cURL command line.

Writing this all out, it seems like a serious undertaking to get this to work in a .Net Application. But I figured I would ask in case it is built in to the framework somewhere.

Is there a .Net Core Framework class (or similar) that can allow me to reproduce this cURL command in C# code?

NOTE: I am able to do it by calling out to powershell. This question is about doing it with HttpClient.

Answer 1

Converting curl flags to HttpClient

-L

HttpClient should automatically follow redirects because HttpClientHandler.AllowAutoRedirect defaults to true.

--negotiate -u :

HttpClient will handle negotiation if you supply its constructor with a HttpClientHandler that supplies it with credentials. Since you're using default Windows credentials with -u :, you can use the code from this answer:

var client = new HttpClient(new HttpClientHandler() { UseDefaultCredentials = true });

-b ~/cookiejar.txt

HttpClient can store cookies by supplying its constructor with an HttpClientHandler with a CookieContainer:

var client = new HttpClient(new HttpClientHandler() { CookieContainer = new CookieContainer() })

This depends on the HttpClientHandler having UseCookies = true, but it is true by default.

Returning Contents

You can use HttpClient.GetAsync and HttpResponseMessage.Content to read the response of the HttpClient

var response = await client.GetAsync("");
var content = await response.Content.ReadAsStringAsync();

Everything Combined

Here's what constructing HttpClient and making an equivalent request should look like if we explicitly set every value referenced above:

var client = new HttpClient(
    new HttpClientHandler()
    {
        // -L
        AllowAutoRedirect = true,

        // --negotiate -u :
        UseDefaultCredentials = true,

        // -b ~/cookiejar.txt
        CookieContainer = new CookieContainer(),
        UseCookies = true
    }
);

var response = await client.GetAsync("https://idp.domain.net/oauth2/authorize?scope=openid&response_type=code&redirect_uri=https://localhost:5001&client_id=client_id_here");
var content = await response.Content.ReadAsStringAsync();