Asp.Net core MVC application Windows Authentication in IIS

Question

My Asp.Net Core mvc web application requires Windows Authentication. In developpement, on IIS Express, everything works fine thanks to this setting

launchSettings.json

 "iisSettings": {
    "windowsAuthentication": true,
    "anonymousAuthentication": false,
    "iisExpress": {
      "applicationUrl": "http://localhost:61545/",
      "sslPort": 0
    }
  }

When deploying to IIS, I get a blank page. The Request to my site get a 500 error code.

I tried to add this configuration to Startup.cs, as explained here , without success.

    services.Configure<IISOptions>(options => {
        options.ForwardWindowsAuthentication = true;
    });

When I look into the authentication parameters directly in IIS, Windows Authentication is activated.

I found some post talking about a package called Microsoft.AspNetCore.Server.WebListener, others about implementing a custom Middleware. I can't imagine this basic feature needs that much effort to work. Am I missing something ?

Answer 1

launchSettings.json file is only used by VS. When you publish your app (or run without VS) launchSettings.json is not being used. When you run with IIS/IISExpress you just need to make sure that your web.config has correct settings. In your case the forwardWindowsAuthToken attribute in the web.config is missing or is set to false. It must be set to true for Windows Authentication to work. A sample web.config before publishing would look like this:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <handlers>
      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified"/>
    </handlers>
    <aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="true"/>
  </system.webServer>
</configuration>