Dynamics Community Forum Thread Details

Business Central 14 Use Web Services in AL Programming Authentication Issue

Hello,

I am working on Modification to use Business Central 14 SOAP web service in AL Programming using Basic authentication.

I am facing problem with passing Basic Authentication in HttpClient request.

I have already enabled "Use NTML Authentication" = TRUE on service. Business Central 14 and SQL Server are installed on same my local computer. It is not network.

First, I have configured request in Postman and it has worked. I have checked network traffic in Fiddler and found that I have send request from Postman 1 time but Postman sends 3 time with different authentication. In Postman, I am using "NTML Authentication (Beta)". Please see snapshot 1. I have erased Credential and SOAPAction.

I do not understand why postman sends request 3 times and last is only successful?

I have also sent request from AL Programming,and it have authorization error when I send request. I have provided snapshot as below.

Any suggestion/help is appericiated.

Fiddler History. It sends request 3 times and last request is successful having authorization.

Below is request that is send from Business Central 14.

Any suggestions is appreciated.

This is a common behavior with NTLM authentication — it requires a multi-step handshake (3 requests):

1. Initial request without credentials (to get 401 Unauthorized with NTLM challenge).

2. Second request with NTLM negotiation token.

3. Third request with actual authentication info — this one succeeds.

Postman handles this automatically, but in AL HttpClient you must manually implement this handshake or use simpler auth.

Suggestions for your AL code in Business Central 14:

Basic Authentication with HttpClient can be tricky with NTLM-enabled services; BC14's AL HttpClient does not support automatic NTLM handshake.

If your service requires NTLM, try:

Use Windows Credential Manager or run the code on a machine where the user context has access.

Or call the SOAP service externally (e.g., Azure Function, .NET service) that handles NTLM, then call your function from AL.

Alternatively, if possible, disable NTLM and enable Basic Authentication only on the SOAP service in Business Central service settings (and in IIS config).

To set Basic Auth header manually in AL:

var

HttpClient: HttpClient;

RequestMessage: HttpRequestMessage;

ResponseMessage: HttpResponseMessage;

AuthValue: Text;

begin

AuthValue := 'Basic ' + Base64Encode('username:password');

RequestMessage := HttpRequestMessage.Create('POST', URL);

RequestMessage.Headers.Add('Authorization', AuthValue);

// add SOAP body etc.

HttpClient.Send(RequestMessage, ResponseMessage);