Windows Authentication works when debugging but not on server and vice versa

Question

I have a strange issue with Windows Authentication in my .net core asp mvc app.

I initially had this BuildWebHost setup in Program.cs:

public static IWebHost BuildWebHost(string[] args) =>
    WebHost.CreateDefaultBuilder(args)
    .UseStartup<Startup>()
    .UseHttpSys(options =>
    {
        options.Authentication.Schemes =
            AuthenticationSchemes.NTLM | AuthenticationSchemes.Negotiate;
        options.Authentication.AllowAnonymous = false;
    })
    .Build();

And this works just fine when debugging from vscode.

I am prompted to login as a domain user and everything is peachy.

However, when I publish to my Windows 7 "server" IIS, the whole application fails with this error

HTTP Error 502.5 - Process Failure

Common causes of this issue:

The application process failed to start

The application process started but then stopped

The application process started but failed to listen on the configured port

So I changed my BuildWebHost to

public static IWebHost BuildWebHost(string[] args) =>
    WebHost.CreateDefaultBuilder(args)
    .UseStartup<Startup>()
    .Build();

And now it runs just fine on the server, but when I try to debug from vscode I get

InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found.

This is quite inconvenient, as it works but I will have to remove that bit of code every time I want to publish or test/debug the app.

How can I go about resolving this issue, or at least troubleshooting what the cause is?

Answer 1

IIS requires Kestrel, it doesn't work with HttpSys. Unfortunately Kestrel didn't have it's own windows auth, it relies on IIS for that. Is IIS express an option for your dev environment? Otherwise you'll need to do something awkward to detect your environment in main and pick your server accordingly.