14

My Asp.Net Core mvc web application requires Windows Authentication. In developpement, on IIS Express, everything works fine thanks to this setting

launchSettings.json

 "iisSettings": {
    "windowsAuthentication": true,
    "anonymousAuthentication": false,
    "iisExpress": {
      "applicationUrl": "http://localhost:61545/",
      "sslPort": 0
    }
  }

When deploying to IIS, I get a blank page. The Request to my site get a 500 error code.

I tried to add this configuration to Startup.cs, as explained here , without success. 

    services.Configure<IISOptions>(options => {
        options.ForwardWindowsAuthentication = true;
    });

When I look into the authentication parameters directly in IIS, Windows Authentication is activated.

I found some post talking about a package called Microsoft.AspNetCore.Server.WebListener, others about implementing a custom Middleware. I can't imagine this basic feature needs that much effort to work. Am I missing something ?

Nicolas Boisvert
  • 1,141
  • 2
  • 10
  • 26
  • Are you sure the error occurs because of authentication? If so what is error message? – adem caglin Aug 22 '16 at 16:45
  • What is in your FREB log? https://www.iis.net/learn/troubleshoot/using-failed-request-tracing/troubleshooting-failed-requests-using-tracing-in-iis – blowdart Aug 22 '16 at 17:44
  • You can try fiddling with Application Pool Identities in the IIS Manager: http://www.iis.net/learn/manage/configuring-security/application-pool-identities – Petre T Aug 24 '16 at 15:29

3 Answers3

17

launchSettings.json file is only used by VS. When you publish your app (or run without VS) launchSettings.json is not being used. When you run with IIS/IISExpress you just need to make sure that your web.config has correct settings. In your case the forwardWindowsAuthToken attribute in the web.config is missing or is set to false. It must be set to true for Windows Authentication to work. A sample web.config before publishing would look like this:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <handlers>
      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified"/>
    </handlers>
    <aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="true"/>
  </system.webServer>
</configuration>
spottedmahn
  • 14,823
  • 13
  • 108
  • 178
Pawel
  • 31,342
  • 4
  • 73
  • 104
  • 2
    This is very helpful, thanks for the info. You might need to create the web.config file manually if it doesn't exist, which happened to me using VS 2017, as described here: [https://developercommunity.visualstudio.com/content/problem/26751/publish-aspnet-core-to-iis-with-windows-authentica.html](https://developercommunity.visualstudio.com/content/problem/26751/publish-aspnet-core-to-iis-with-windows-authentica.html) – James Toomey May 03 '17 at 18:41
0

For me I had to add the line

services.AddAuthentication(IISDefaults.AuthenticationScheme);

in the method ConfigureServices in Startup.cs

My app allows both Windows and Anonymous users.

https://learn.microsoft.com/en-us/aspnet/core/migration/1x-to-2x/identity-2x#windows-authentication-httpsys--iisintegration

Mike Casas
  • 763
  • 1
  • 8
  • 14
-1

You need check web.config in your project dir. This settings was help me.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <handlers>
      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified"/>
    </handlers>
    <aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="true"/>
    <security>
      <authentication>
        <anonymousAuthentication enabled="false" />
        <windowsAuthentication enabled="true" />
      </authentication>
    </security>
  </system.webServer>
</configuration>
spottedmahn
  • 14,823
  • 13
  • 108
  • 178
Dima Skokov
  • 67
  • 3