Windows authentication with SignalR and OWIN self-hosting

Question

I have a self-hosted SignalR application using OWIN. I would like to add Windows Authentication to the incoming requests. Is this possible?

I believe that I can add e.g. Forms Authentication via something like this.

However I can't find any way to use Windows Authentication to do something similar.

My fallback plan would be to host in IIS instead, but I would prefer to be able to keep my app as a Windows Service if I can.

Answer 1

Ideally there'd be an NTLM owin middlware but since there is none you can work around it by getting a handle on the HttpListener and enabling auth that way (it's natively supported by HttpListener):

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        var listener = (HttpListener)app.Properties[typeof(HttpListener).FullName];
        listener.AuthenticationSchemes = AuthenticationSchemes.Ntlm;

        app.MapHubs();
    }
}

Answer 2

I was facing the same problem as you, and decided to implement a NTLM / Windows Authentication middleware;

You can find it on Nuget:

Install-Package Pysco68.Owin.Authentication.Ntlm 

Sources and more detailed information on how-to use it are awailable here: https://github.com/pysco68/Pysco68.Owin.Authentication.Ntlm

The minimal usage example might look like:

public void Configuration(IAppBuilder app)
{
    // use default sign in with application cookies
    app.SetDefaultSignInAsAuthenticationType(
         DefaultAuthenticationTypes.ApplicationCookie);

    app.UseCookieAuthentication(new CookieAuthenticationOptions()
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie                
    });

    // Enable NTLM authentication
    app.UseNtlmAuthentication();

    // .....
}

Please note that for performance reasons I decided to stick with Cookie authentication in the end and to use NTLM just for the initial authentication round-trip (because of the high number of requests).