9

Please provide guidance on how to implement Windows Authentication on ASP.NET Core RC2+.

I see other SO questions that describe bearer authentication like Bearer Authentication with ASP.NET Core RC2 404 instead of 403

But that is not what I am looking for.

Community
  • 1
  • 1
Jigar
  • 544
  • 1
  • 8
  • 28
  • 3
    Do you mean using NTLM to automatically sign in your domain users? Then you need to use IIS and what IIS offers to do so and choose the "Windows authentication" template when creating a new application. If you mean to have forms sign on (i.e. using Identity), then there is no way to do this out of the box and you need to write your own Identity Authroization for it. It won't be implemented by default for security reasons – Tseng Jun 08 '16 at 05:56
  • Thank you it works. – Jigar Jun 08 '16 at 05:58
  • I spent an age looking for a solution for this, it turns out a simple `HttpContext.User.Identity.Name` works as before in ASP.NET 4 – Danny Cullen Dec 05 '16 at 14:16

3 Answers3

8

You can do this using WebListener, like so:

  1. Open your project.json and add WebListener to dependencies:

    "dependencies" : {
  ...
  "Microsoft.AspNetCore.Server.WebListener": "0.1.0-rc2-final"
  ...
}

  2. Add WebListener to commands (again in Project.json)

      "commands": {
    "weblistener": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.WebListener"
  },

  3. In Startup.cs, specify the WebHostBuilder to use WebListener with NTLM

     var host = new WebHostBuilder()
        // Some configuration
        .UseWebListener(options => options.Listener.AuthenticationManager.AuthenticationSchemes = AuthenticationSchemes.NTLM)
        // Also UseUrls() is mandatory if no configuration is used
        .Build();

That's it!

Ivan Prodanov
  • 34,634
  • 78
  • 176
  • 248
  • Will this work on other platforms like Mac and Linux?? – Jigar Jun 10 '16 at 10:37
  • 3
    No. Both IIS and WebListener can host .NET Core applications only on Windows as of now. Check the link below for official documentation from the ASP.NET team https://docs.asp.net/en/latest/fundamentals/servers.html#weblistener – Ivan Prodanov Jun 10 '16 at 10:39
  • Is Kerberos supported? Or better, AuthenticationSchemes.Negotiate? – pomeroy Oct 18 '16 at 21:13
  • @IvanProdanov, can clarify something for me? [This](https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/weblistener) article says "WebListener can't be used with IIS or IIS Express...WebListener is useful for deployments where you need to expose the server directly to the Internet without using IIS." Does this mean either a) you use IIS (which requires a web.config to be created with a forwardWindowsAuthToken="true" attribute--the only way I could get Windows Auth to work), or b) you use WebListener _instead of_ IIS? – James Toomey May 03 '17 at 18:13
  • @JamesToomey Did you ever found an answer for this James? – Reft Aug 28 '17 at 07:21
  • @Reft, unfortunately no. – James Toomey Aug 28 '17 at 16:40
4

This doesn't appear to work any longer in the .Net Core 1.0.0 (RTM). I do the WebHostBuilder exactly as above in Ivan Prodanov's answer; it runs, don't get an error there, but the HttpContext.User is not marked with a WindowsIdentity. Following code used to work in ASP.Net 5 beta6:

in project.json:

"version": "1.0.0"
"dependencies": {
  "Microsoft.AspNetCore.Owin": "1.0.0",
  "Microsoft.AspNetCore.Server.WebListener": "0.1.0",

in middleware class:

public async Task Invoke(HttpContext context)
{
    try
    {
        ClaimsPrincipal principal = context.User;

// <-- get invalidcastexception here:
        WindowsIdentity winIdentity = (WindowsIdentity)principal.Identity;  

        ....
        ....
radams0x
  • 41
  • 1
  • 2
    Can you try adding `"Microsoft.AspNetCore.Server.IISIntegration": "1.0.0"` in your dependencies – Jigar Jul 01 '16 at 10:49
  • 3
    In v0.1.0 it was options.Listener.AuthenticationManager.AuthenticationSchemes which has been renamed options.ListenerSettings.Authentication.Schemes. Also you must now add .AllowAnonymous = false – Timothy Klenke Oct 21 '16 at 16:00
  • Switching to what @TimothyKlenke mentions, I receive "WebListenerOptions" does not contain "ListenerSettings" – ferr Dec 30 '16 at 18:55
3

Check your launchSettings.json file - change anonymousAuthentication to false

  "iisSettings": {
    "windowsAuthentication": true,
    "anonymousAuthentication": false,

For deployment to iis check this Asp.Net core MVC application Windows Authentication in IIS

Community
  • 1
  • 1
EthR
  • 1,924
  • 1
  • 12
  • 13