runtime: HttpWebRequest in .NET Core 2.0 throwing 301 Moved Permanently

The following single-line console program works just fine in .NET Framework 4.6.1:

Console.WriteLine(XDocument.Load("http://feeds.thisamericanlife.org/talpodcast"));

However, in .NET Core 2.0 it throws the following exception:

Unhandled Exception: System.Net.WebException: The remote server returned an error: (301) Moved Permanently.
   at System.Net.HttpWebRequest.GetResponse()
   at System.Xml.XmlDownloadManager.GetNonFileStream(Uri uri, ICredentials credentials, IWebProxy proxy, RequestCachePolicy cachePolicy)
   at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials, IWebProxy proxy, RequestCachePolicy cachePolicy)
   at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
   at System.Xml.XmlTextReaderImpl.FinishInitUriString()
   at System.Xml.XmlTextReaderImpl..ctor(String uriStr, XmlReaderSettings settings, XmlParserContext context, XmlResolver uriResolver)
   at System.Xml.XmlReaderSettings.CreateReader(String inputUri, XmlParserContext inputContext)
   at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings)
   at System.Xml.Linq.XDocument.Load(String uri, LoadOptions options)
   at System.Xml.Linq.XDocument.Load(String uri)
   at ConsoleApp1.Program.Main(String[] args)

This has always worked in the full .NET Framework, presumably because it automatically follows the redirection. However, it does not do that in .NET Core (it seems that AllowAutoRedirect is simply ignored), so I’m assuming this is a bug. Please let us know if there’s a workaround.

[EDIT] Fixed C# syntax highlight & exception code formatting by @karelz

About this issue

  • Original URL
  • State: closed
  • Created 7 years ago
  • Comments: 15 (5 by maintainers)

Most upvoted comments

Are you saying that this is by design in .NET Core, but NOT in the full .NET Framework?

Yes, this is by-design in .NET Core. This is a security-related change to prevent HTTPS -> HTTP redirection which is inherently insecure. For apps that need to follow those redirections, you can turn off automatic redirection in the handler and follow the Location: response header manually.

+3
davidsh on Aug 22, 2017

If you set AllowAutoRedirect, then you will end up not following the redirect. That means ending up with the 301 response.

HttpWebRequest (unlike HttpClient) throws exceptions for non-successful (non-200) status codes. So, getting an exception (most likely a WebException) is expected.

So, if you need to handle that redirect (which is HTTPS -> HTTP by the way), you need to trap it in try/catch block and inspect the WebException etc. That is standard use of HttpWebRequest.

That is why we recommend devs use HttpClient which has an easier use pattern.

+2
davidsh on Sep 6, 2017

@RevealedFrom if you set AllowAutoRedirect=false, then it is expected behavior to get the exception for 302 based on previous comment https://github.com/dotnet/corefx/issues/23422#issuecomment-327589873

+1
karelz on Oct 17, 2018
Read more comments on GitHub
← runtime: HttpWebRequest hits 1s timeout when resolving http://localhost on Win10 (.NET Framework is fast)
runtime: HttpWebRequest.ReadWriteTimeout is ignored - reading never times out →