
Unable to authenticate to an ASP.NET Web API service with HttpClient

Updated: 2023-02-17 10:39:04

I have investigated the source code of HttpClientHandler (the latest version I was able to get my hands on) and this is what can be found in the SendAsync method:

// BeginGetResponse/BeginGetRequestStream have a lot of setup work to do before becoming async
// (proxy, dns, connection pooling, etc).  Run these on a separate thread.
// Do not provide a cancellation token; if this helper task could be canceled before starting then 
// nobody would complete the tcs.
Task.Factory.StartNew(startRequest, state);

Now if you check within your code the value of SecurityContext.IsWindowsIdentityFlowSuppressed() you will most probably get true. As a result, the StartRequest method is executed in a new thread with the credentials of the ASP.NET process (not the credentials of the impersonated user).

There are two possible ways out of this. If you have access to your server's aspnet_config.config, you should set the following settings (setting those in web.config seems to have no effect):

<legacyImpersonationPolicy enabled="false"/>
<alwaysFlowImpersonationPolicy enabled="true"/>

If you can't change the aspnet_config.config you will have to create your own HttpClientHandler to support this scenario.
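For the "create your own handler" route, here is an added example that is not part of the original answer and not .NET's own code: a minimal HttpMessageHandler that does the HttpWebRequest work synchronously on the calling thread, so the Windows token of the impersonating ASP.NET request thread is the one used for the NTLM/Kerberos negotiation instead of the process identity picked up on the Task.Factory.StartNew thread. The class name ImpersonationPreservingHandler, the Trace line, and the sample backend URL are my own; it assumes .NET Framework 4.5 or later and the default ASP.NET impersonation settings described above.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Net.Http;
using System.Security;
using System.Security.Principal;
using System.Threading;
using System.Threading.Tasks;

// Added example, not the original answer's code. Performs the outbound call synchronously
// on the caller's thread so that an impersonated WindowsIdentity is not lost to a new thread.
public sealed class ImpersonationPreservingHandler : HttpMessageHandler
{
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
    {
        // Diagnostic: under the default ASP.NET legacyImpersonationPolicy this is typically
        // "true", and GetCurrent() on this thread should name the impersonated user.
        Trace.WriteLine(string.Format("flowSuppressed={0} identity={1}",
            SecurityContext.IsWindowsIdentityFlowSuppressed(),
            WindowsIdentity.GetCurrent().Name));

        var webRequest = (HttpWebRequest)WebRequest.Create(request.RequestUri);
        webRequest.Method = request.Method.Method;
        webRequest.UseDefaultCredentials = true;   // use this thread's Windows token
        webRequest.PreAuthenticate = true;
        if (request.Headers.Accept.Count > 0)
            webRequest.Accept = string.Join(", ", request.Headers.Accept);

        if (request.Content != null)
        {
            if (request.Content.Headers.ContentType != null)
                webRequest.ContentType = request.Content.Headers.ContentType.ToString();
            byte[] body = request.Content.ReadAsByteArrayAsync().Result;
            using (Stream reqStream = webRequest.GetRequestStream())
                reqStream.Write(body, 0, body.Length);
        }

        // GetResponse() runs the whole exchange, including the authentication handshake,
        // on the current (impersonating) thread; that is the point of this handler.
        HttpWebResponse webResponse;
        try
        {
            webResponse = (HttpWebResponse)webRequest.GetResponse();
        }
        catch (WebException ex)
        {
            if (ex.Response == null) throw;          // network-level failure, no HTTP status
            webResponse = (HttpWebResponse)ex.Response; // e.g. 401/403 come back this way
        }

        var response = new HttpResponseMessage(webResponse.StatusCode) { RequestMessage = request };
        var buffer = new MemoryStream();
        using (Stream respStream = webResponse.GetResponseStream())
            respStream.CopyTo(buffer);
        buffer.Position = 0;
        response.Content = new StreamContent(buffer);

        // Copy headers; those HttpResponseHeaders refuses belong on the content instead.
        foreach (string name in webResponse.Headers.AllKeys)
        {
            if (string.Equals(name, "Content-Length", StringComparison.OrdinalIgnoreCase))
                continue;   // StreamContent computes its own length
            string value = webResponse.Headers[name];
            if (!response.Headers.TryAddWithoutValidation(name, value))
                response.Content.Headers.TryAddWithoutValidation(name, value);
        }
        webResponse.Close();
        return Task.FromResult(response);
    }
}

// Constructed usage from inside an impersonating ASP.NET request (URL is a placeholder):
// using (var client = new HttpClient(new ImpersonationPreservingHandler()))
// {
//     HttpResponseMessage r = client.GetAsync("http://backend.example/api/values").Result;
// }
```

The trade-off is that this handler blocks the request thread for the duration of the outbound call, so it is a workaround for hosts where aspnet_config.config cannot be edited, not a replacement for the alwaysFlowImpersonationPolicy setting. The Trace line is the quick check the answer describes: if it prints the application pool identity rather than the caller, impersonation is not reaching the outbound call.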

Update regarding the use of FQDN

The issue you have hit here is a feature in Windows that is designed to protect against "reflection attacks". To work around this you need to whitelist the domain you are trying to access on the machine that is trying to access the server. Follow the steps below:

  1. Go to Start --> Run --> regedit
  2. Locate the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0 registry key.
  3. Right-click on it, choose New and then Multi-String Value.
  4. Type BackConnectionHostNames (ENTER).
  5. Right-click the value you just created and choose Modify.
  6. Put the host name(s) for the site(s) that are on the local computer in the value box and click OK (each host name/FQDN needs to be on its own line, no wildcards, the name must be an exact match).
  7. Save everything and restart the machine.

You can read the full KB article regarding the issue here.
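As an added check that is not part of the original answer, the following C# reads the BackConnectionHostNames value from the key named in step 2 and verifies that the host a client is about to call is listed exactly as the steps require (one entry per line, no wildcards). The class name BackConnectionCheck and the sample URL are my own; it assumes it runs on the machine making the loopback call with permission to read HKLM.

```csharp
using System;
using System.Linq;
using Microsoft.Win32;

// Added example, not the original answer's code: verifies the BackConnectionHostNames
// whitelist before trusting a loopback call to succeed.
public static class BackConnectionCheck
{
    // Key path taken from step 2 of the answer.
    private const string KeyPath = @"SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0";
    private const string ValueName = "BackConnectionHostNames";

    private static string[] ReadEntries()
    {
        using (RegistryKey key = Registry.LocalMachine.OpenSubKey(KeyPath))
        {
            if (key == null) return new string[0];
            // A REG_MULTI_SZ value comes back as string[]; anything else means the
            // value was created with the wrong type and will not be honoured.
            return key.GetValue(ValueName) as string[] ?? new string[0];
        }
    }

    // True when hostName appears as its own entry. DNS names are case-insensitive,
    // but the entry must otherwise match the name the client connects to exactly.
    public static bool IsWhitelisted(string hostName)
    {
        return ReadEntries().Any(entry =>
            string.Equals(entry.Trim(), hostName, StringComparison.OrdinalIgnoreCase));
    }

    // Entries that violate the rules in step 6: wildcards are not supported, and
    // stray whitespace or a scheme/port turns an entry into a non-match.
    public static string[] SuspiciousEntries()
    {
        return ReadEntries()
            .Where(e => e.Contains("*") || e != e.Trim() || e.Contains("/") || e.Contains(":"))
            .ToArray();
    }

    public static void Main()
    {
        // Constructed sample: the host part of the URL the HttpClient would call.
        string host = new Uri("http://api.intranet.example").Host;
        Console.WriteLine("{0} whitelisted: {1}", host, IsWhitelisted(host));
        foreach (string entry in SuspiciousEntries())
            Console.WriteLine("Entry will not match a request: '{0}'", entry);
    }
}
```

Run it on the calling machine after the restart in step 7; a "false" for a host you expect to work, or any entry reported as suspicious, points at the registry value rather than at the Web API or the HttpClient code.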