Menu
Is there a complete Visual Studio Solution containing a project with an MVC Application that authenticates using Kerberos. This in turn calls an ASP.Net Web API service project (in the same solution), delegating credentials to the service during a service call (either GetAsync or PostAsync)?
I am having a specific problem with credentials, where the impersonated user in the Web API project is coming through as the service account running the MVC application, not the user making the request. I have found examples of specific lines or code to fix specific problems, but I am really looking for a single solution that brings everything together.
I've seen resources such as Pro ASP.NET Web API Security and ASP.Net Web-API Security but none contain a full solution showing how to implement the authorization scheme for windows Authenticaiton, and specifically Kerberos.
I recognize this may be a bit outside the normal questions asked, but I would prefer a full solution instead of posting a specific code question if possible.
653
When the MVC web app runs the initial query, the user's identity is attached to the thread that handles the request. If you make an asynchronous web service call, the remote call is made by a thread pool thread that has no attachment to the user's identity. You could try passing a reference to the current identity (from the HttpContext) and impersonate, but it seems that there would be race conditions you would need to avoid.
Of course, this is assuming that the remote calls work when made synchronously. Have you gotten that far?
117
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
