Is there a best practice in Asp Net Core to switch between Windows and User Authentication (Asp Net Core Identity) on build, depending on for example an option in appsettings.json?
Asked
Active
Viewed 1,155 times
1
Palmi
- 2,381
- 5
- 28
- 65
1 Answers
1
I'm not saying it's "best practice", but I can tell you a way that seems good to me to achieve that.
For Windows Authentication, it's mainly a matter of setting up properly your environment. For instance, if you use IIS/Kestrel you have to configure IIS to forward the windows identity, same thing for WebListener ... I've explained that a bit here: NTLM authentication on specific route in ASP.NET Core So, once properly setup, a controller action protected by an [Authorize] attribute should get as HttpContext.User.Identity a WindowsIdentity.
For a standard ASP.Net Core Identity mechanism, you could be using the CookieAuthenticationMiddleware that would be using a cookie sent alongside with the request to get the identity. Pretty standard.
To combine both depending on some setting coming from appsettings.json I would create my own middleware with is quite simple, you need one class derivating from AuthenticationMiddleware, one derivating from AuthenticationHandler and usually one derivating from AuthenticationOptions and depending on my setting in the method protected override async Task<AuthenticateResult> AuthenticationHandler::HandleAuthenticateAsync() I would validate the identity coming from Windows or instead branch myself on the code from the CookieAuthenticationMiddleware. Good news is ASP.Net Core is open source, so you can actually get all the source from Microsoft.AspNetCore.Authentication.Cookies on github.
-
Is there a way to check if the app was started with IIS otherwise use Asp Net Core Identity? – Palmi Mar 07 '17 at 16:06
-
Something I aksed already here https://github.com/aspnet/Security/issues/967 But I don't know a way to do that. – Daboul Mar 07 '17 at 16:12