I have a multi-tier application which is using 2 .NET Core ASP.NET tiers.

  • Tier 01
    • React JS hosted via ASP.NET Core
  • Tier 02
    • Back-end HTTP REST

Tier 01 is using NTLM, so when the user opens the browser, ASP.NET Core loads the React SPA, and from ASP.NET Core I can get the IPrincipal of the current Windows user. The back-end, unfortunately, is always running in the context of the App Pool service account.

In this scenario, what would be the correct way, from React, to call the back-end using the Windows account which is running the application? Is there a way to generate a token, like OAuth, in the front-end .NET Core host and then pass it to the back-end?

Note

I do have an architectural requirement: I can't use username and password, and I can't use Basic Authentication. The front-end must open using NTLM and display the current Windows account (this part is working).

Raffaeu
  • Are your users declared in Azure Active Directory? Or a locally deployed Active Directory? – AndreasHassing Oct 07 '19 at 08:01
  • Company AD, we are not using Azure in this scenario – Raffaeu Oct 07 '19 at 10:37
  • @Raffaeu, I have the same scenario, wherein I have a React app (in a Windows environment) and Spring Boot REST APIs for the back-end. I just want that whenever the user opens the React app, I get the username of the logged-in system user (always Windows) in my back-end for authentication. Could you please suggest something? – Nikhil Singh Bhadoriya Apr 03 '20 at 08:09
  • In Spring, the easiest is to use a Spring action to host your React, so it will force Windows authentication before loading the React client app. To authenticate with Windows on Spring you can easily use Waffle – Raffaeu Apr 12 '20 at 11:10

1 Answer

I think you can use the approach mentioned in the link below. In tier 01, create an API endpoint that requires Windows Authentication. Get user info from the identity and generate a token.

Use Windows Authentication with OAuth 2.0

For token generation, let's use IdentityServer. Generate access token with IdentityServer4 without password

Thanh Nguyen
  • Nice, I didn't think about Identity Server. So that was my point, if I can get a Token also from Windows Authentication – Raffaeu Oct 07 '19 at 10:38
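
The flow described in the answer, as an added example that is not part of the original answer: a Windows-authenticated endpoint on Tier 01 mints a short-lived JWT carrying the account name, and Tier 02 validates it instead of relying on the App Pool identity. It swaps IdentityServer for a locally signed HMAC token to stay short, and shows both tiers in one process for brevity. Assumptions: a .NET 6+ web project with implicit usings and the Negotiate and JwtBearer packages, Windows authentication enabled on the host, and hypothetical names (`tier01`, `tier02-api`, `Token:SigningKey`, and the two routes).

```csharp
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authentication.Negotiate;
using Microsoft.AspNetCore.Authorization;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);
// Assumed config key: a random secret of at least 32 bytes, known to both tiers and never sent to the SPA.
var secret = builder.Configuration["Token:SigningKey"] ?? throw new InvalidOperationException("Token:SigningKey missing");
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
const string Issuer = "tier01", Audience = "tier02-api"; // hypothetical names
builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme)
    .AddNegotiate() // Tier 01: Windows authentication (Kerberos, falling back to NTLM)
    .AddJwtBearer(o =>
    {
        o.MapInboundClaims = false; // keep "sub" unmapped so it can serve as the name claim
        o.TokenValidationParameters = new TokenValidationParameters
        {   // Tier 02: accept only unexpired tokens minted by Tier 01 for this API
            ValidIssuer = Issuer,
            ValidAudience = Audience,
            IssuerSigningKey = key,
            ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },
            ClockSkew = TimeSpan.FromSeconds(30),
            NameClaimType = JwtRegisteredClaimNames.Sub
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Tier 01: the SPA calls this with Windows credentials and receives a bearer token.
app.MapGet("/api/token", (ClaimsPrincipal user) =>
{
    var now = DateTime.UtcNow;
    var jwt = new JwtSecurityToken(Issuer, Audience,
        new[] { new Claim(JwtRegisteredClaimNames.Sub, user.Identity!.Name!) },
        notBefore: now, expires: now.AddMinutes(5),
        signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256));
    return Results.Ok(new { access_token = new JwtSecurityTokenHandler().WriteToken(jwt) });
}).RequireAuthorization(new AuthorizeAttribute { AuthenticationSchemes = NegotiateDefaults.AuthenticationScheme });

// Tier 02: the Windows account name arrives in the validated token.
app.MapGet("/api/whoami", (ClaimsPrincipal user) => Results.Ok(new { user = user.Identity!.Name }))
    .RequireAuthorization(new AuthorizeAttribute { AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme });
app.Run();
```

With separate hosts, Tier 02 keeps only the `AddJwtBearer` registration and its own endpoints, and the React app sends the token in the `Authorization: Bearer` header.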