ASP.NET Core Authorization with Windows Authentication

Asked Mar 23 '17 at 15:26

Active Mar 23 '17 at 15:26

Viewed 1,593 times

I am trying to use Windows Authentication in ASP.NET Core web application under IIS.

I do NOT want to write application code for it.
I want to do it only through web.config or IIS settings.

I already updated web.config with

forwardWindowsAuthToken=true

In addition, I want to add the authorization section to web.config with Allow\Deny rules, but it doesn't seem to work at all.

Note: it does not matter at which level I do it - even at the IIS Server web.config.

What am I missing?

Thanks!

edited May 23 '17 at 12:32

Community

asked Mar 23 '17 at 15:26

Elad

forwardWindowsAuthToken=true would be to pass the information of the windows identity to your ASP.NET Core application, but it seems useless to me if you don't want the application to deal with the authorization and if you want to keep it to the IIS level. What are you expecting exactly? That IIS would allow / deny access to the application based on the windows identity and that your application beneath would not have to care at all about security, is that it? – Daboul Mar 23 '17 at 23:15
Yes, exactly. You are of course correct regarding 'forwardWindowsAuthToken'... – Elad Mar 26 '17 at 06:07

0 Answers0