
I am trying to make Windows authentication work with Kestrel by following these links:

https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/httpsys?view=aspnetcore-3.0#how-to-use-httpsys

https://learn.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?view=aspnetcore-3.0&tabs=visual-studio#httpsys

Here is the code.

    public static IHostBuilder CreateHostBuilder(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(webBuilder =>
            {
                webBuilder.UseHttpSys(options =>
                {
                    options.AllowSynchronousIO = true;
                    options.Authentication.Schemes = AuthenticationSchemes.None;
                    options.Authentication.AllowAnonymous = true;
                    options.MaxConnections = null;
                    options.MaxRequestBodySize = 30000000;
                    options.UrlPrefixes.Add("https://localhost:8080");
                });
                webBuilder.UseStartup<Startup>()
                    .UseHttpSys(options =>
                    {
                        options.Authentication.Schemes =
                            AuthenticationSchemes.NTLM |
                            AuthenticationSchemes.Negotiate;
                        options.Authentication.AllowAnonymous = false;
                    });
            });

However, browsing to https://localhost:8080 shows the following error message (Edge):

> Can’t connect securely to this page
>
> This might be because the site uses outdated or unsafe TLS security settings. If this keeps happening, try contacting the website’s owner.

ca9163d9

1 Answer

It's because you didn't have the development certificate installed on your machine. Try this:

    dotnet dev-certs https --trust

Steven He
  • Should I use the same command if I want to use Kestrel for production? The `dev-certs` sounds like it is for development only? – ca9163d9 Nov 28 '19 at 09:54
  • BTW, I got the following error when running the command. `Trusting the HTTPS development certificate was requested. A confirmation prompt will be displayed if the certificate was not previously trusted. Click yes on the prompt to trust the certificate. A valid HTTPS certificate is already present.` – ca9163d9 Nov 29 '19 at 00:32
  • If you want to serve your service as an internal service which isn't exposed directly to the public (for example, the upstream of a reverse proxy), you probably should not make your app listen on an https endpoint. Use http instead; otherwise you need a valid https certificate for your app. Simply change the line `options.UrlPrefixes.Add("https://localhost:8080");` to `options.UrlPrefixes.Add("http://localhost:8080");` – Steven He Feb 04 '20 at 09:24
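
The prefix change from the last comment, applied to the question's code as a single `UseHttpSys` call so the effective authentication settings sit in one place. This is an added example, not code from the original posts; the `Startup` class and its identity-echo endpoint are assumptions for checking the result locally, and the question's `AllowSynchronousIO` and `MaxConnections` lines are left out for brevity.

```csharp
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Server.HttpSys;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

public class Program
{
    public static void Main(string[] args) =>
        CreateHostBuilder(args).Build().Run();

    public static IHostBuilder CreateHostBuilder(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(webBuilder =>
            {
                // One UseHttpSys call: the question's two calls both configure
                // the same options object, with the later values winning.
                webBuilder.UseHttpSys(options =>
                {
                    options.Authentication.Schemes =
                        AuthenticationSchemes.NTLM | AuthenticationSchemes.Negotiate;
                    // Reject requests that carry no Windows credentials.
                    options.Authentication.AllowAnonymous = false;
                    options.MaxRequestBodySize = 30000000;
                    // http prefix, as suggested in the comment above.
                    options.UrlPrefixes.Add("http://localhost:8080");
                });
                webBuilder.UseStartup<Startup>();
            });
}

// Hypothetical Startup, added only to confirm which identity was authenticated.
public class Startup
{
    public void ConfigureServices(IServiceCollection services) =>
        services.AddAuthentication(HttpSysDefaults.AuthenticationScheme);

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication();
        app.Run(async context =>
        {
            var name = context.User.Identity?.Name ?? "(anonymous)";
            await context.Response.WriteAsync($"Authenticated as: {name}");
        });
    }
}
```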