I have a multi-tier application which is using 2 .NET Core ASP.NET tiers.
The Tier 01 is using NTLM, so when the user opens the browser, ASP.NET Core loads the React SPA, and from ASP.NET Core I can get the IPrincipal of the current Windows user. The back-end, unfortunately, is always running in the context of the App Pool service account.
In this scenario, what would be the correct way, from React, to call the back-end using the Windows account which is running the application? Is there a way to generate a token, like OAuth, in the front-end .NET Core host and then pass it to the back-end?
Note
I do have an architectural requirement: I can't use username and password, and I can't use Basic Authentication. The front-end must open using NTLM and display the current Windows account (this part is working).
I think you can use the approach mentioned in the link below. In tier 01, create an API endpoint that requires Windows Authentication. Get the user info from the identity and generate a token.
Use Windows Authentication with OAuth 2.0
For token generation, let's use IdentityServer. Generate access token with IdentityServer4 without password
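The token hand-off described in the answer above, as an added example that is not part of the original answer: instead of IdentityServer it uses a self-issued JWT built with `System.IdentityModel.Tokens.Jwt`, signed with an RSA key so that Tier 02 holds only the public half and can verify tokens but not mint them. The class name, issuer, audience, 5-minute lifetime and the `CONTOSO\alice` user are assumptions for illustration.

```csharp
// Added example; needs the System.IdentityModel.Tokens.Jwt NuGet package.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

public static class TierToken
{
    // Hypothetical values; both tiers must be configured with the same pair.
    const string Issuer = "https://tier01.example.internal";
    const string Audience = "tier02-api";

    // Tier 01: call from an endpoint protected by Windows Authentication,
    // passing HttpContext.User. Only Tier 01 holds the private key.
    public static string Issue(ClaimsPrincipal windowsUser, RsaSecurityKey privateKey)
    {
        var id = windowsUser.Identity;
        if (id?.IsAuthenticated != true || string.IsNullOrEmpty(id.Name))
            throw new UnauthorizedAccessException("No authenticated Windows identity.");
        var now = DateTime.UtcNow;
        var jwt = new JwtSecurityToken(Issuer, Audience,
            new[] { new Claim(JwtRegisteredClaimNames.Sub, id.Name) },
            notBefore: now, expires: now.AddMinutes(5), // short-lived; the SPA re-requests it
            signingCredentials: new SigningCredentials(privateKey, SecurityAlgorithms.RsaSha256));
        return new JwtSecurityTokenHandler().WriteToken(jwt);
    }

    // Tier 02: verifies signature, issuer, audience and lifetime, then returns the user name.
    public static string ValidateAndGetUser(string token, RsaSecurityKey publicKey)
    {
        var handler = new JwtSecurityTokenHandler();
        handler.InboundClaimTypeMap.Clear(); // keep "sub" instead of remapping the claim type
        var principal = handler.ValidateToken(token, new TokenValidationParameters
        {
            ValidIssuer = Issuer,
            ValidAudience = Audience,
            IssuerSigningKey = publicKey,
            ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 }, // pin the algorithm
            ClockSkew = TimeSpan.FromSeconds(30)
        }, out _);
        return principal.FindFirst(JwtRegisteredClaimNames.Sub)!.Value;
    }

    public static void Main()
    {
        using var rsa = RSA.Create(2048); // constructed key; load from a protected store in practice
        // Constructed identity standing in for the NTLM-authenticated HttpContext.User.
        var user = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, @"CONTOSO\alice") }, "NTLM"));
        var token = Issue(user, new RsaSecurityKey(rsa));
        Console.WriteLine(ValidateAndGetUser(token, new RsaSecurityKey(rsa.ExportParameters(false))));
    }
}
```

In the application, the React SPA would fetch the token from the Windows-authenticated Tier 01 endpoint and send it to Tier 02 in an `Authorization: Bearer` header.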