Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Windows and Anonymous Authentication in .Net Core 2.0

Tags:

c#

.net

authentication

asp.net

asp.net-core

I'm trying to mix Windows and Anonymous authentication in a .Net Core 2.0 empty web app. I would like to avoid the [Authorize] attribute as I do not want to use Mvc or controllers.

My setup is as follows:

  1. I created an empty .Net Core 2.0 web application

  2. I went to project properties -> Debug -> Checked "Enable Windows Authentication" and disabled "Enable Anonymous Authentication". Now "windowsAuthentication": true and "anonymousAuthentication": false appeared in my launchSettings.json under "IIS".

  3. Inside Startup.cs, in ConfigureServices I added services.AddAuthentication(Microsoft.AspNetCore.Server.IISIntegration.IISDefaults.AuthenticationScheme); as mentioned in https://docs.microsoft.com/en-us/aspnet/core/migration/1x-to-2x/identity-2x#windows-authentication-httpsys--iisintegration

  4. I added a simple Console.WriteLine(context.User.Identity.Name); to see that it works inside app.Run and... It all works!

However... as soon as I set "anonymousAuthentication" to true in launchSettings.json it stops working and I cannot figure out what can I do to make the Windows authentication work alongside with it. Context.User.Identity.IsAuthenticated is always false. As you can see my configuration is very simple and I need it to stay this way. I want to enable/disable windows authentication on certain dynamic routes, so using controllers with the [Authorize] attribute is not an option.

What I'm trying to achieve is a simple app where the url "/authenticated" would reply with the value of context.User.Identity.Name and the url "/public" would reply with something like say "This is a public page!". Something similar to NTLM authentication on specific route in ASP.NET Core but without the [Authorize] attribute and controllers. The resources are very scarce... Anyone have any idea what I could be missing? Thanks!

like image 694
Ted Chirvasiu Avatar asked Sep 06 '17 21:09

Ted Chirvasiu

1 Answers

Anonymous takes precedence. You need to call httpContext.ChallengeAsync() when you get an anonymous request to a restricted part of your app. That will cause the client to send credentials on the next request. Here's a test that does this.

like image 68
Tratcher Avatar answered Oct 05 '22 07:10

Tratcher
Sign in to Comment

Related questions

How to workaround missing ICloneable interface when porting .NET library to PCL?
MySQL For Visual Studio 2012/2013
Using moq to verify a call to a function with param parameters
Drag object in Unity 2D
HttpPostedFileBase's relationship to HttpPostedFileWrapper
Implementation of Object.GetHashCode()
Is is possible to apply a generic method to a list of items?
How to sort enum using a custom order attribute?
System.Net.ProtocolViolationException: You must write ContentLength bytes to the request stream before calling [Begin]GetResponse
RabbitMQ undefined: There is no template at js/tmpl/login.ejs
Restrict route to controller namespace in ASP.NET Core
ASP.NET Core RC2 Area not published
How to measure Code Coverage in ASP.NET Core projects in Visual Studio?
Builder pattern with nested objects
How can I refresh just a Partial View in its View?
How can I mock a method that returns a Task<IList<>>?
IP Security in Asp.Net Core
Custom TFS Check-In Policy in Visual Studio 2017
Object disposing in Xamarin.Forms
Why C# Arrays type IsSerializable property is True?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!