7

I created a Blazor application with Windows authentication and hosting with Kestrel/Negotiate following the steps. (https://learn.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?view=aspnetcore-3.0&tabs=visual-studio#kestrel)

Create Blazor app with Windows Authentication

Create a Blazor application using Visual Studio 2019 (16.4.0). (Windows Authentication, https)

Support Windows Authentication using Negotiate and Kerberos

Following the steps to make all work when running using Kestrel.

  1. Import NuGet package Microsoft.AspNetCore.Authentication.Negotiate
  2. Add the following code in ConfigureService() in Startup.cs.
   services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate();
  1. Add the following code in Configure() in Startup.cs. They are added between app.UseRouting(); and app.UseEndpoints(...; 
            app.UseAuthentication();
            app.UseAuthorization();

Windows Authentication not working. Add middleware ValidateAuthentication

It still doesn't work with Windows Authentication until the answer from this question is applied.

  1. Add this in your Configure method:
app.UseMiddleware<ValidateAuthentication>();
  1. Here is the middleware itself:
internal class ValidateAuthentication : IMiddleware
{
  public async Task InvokeAsync(HttpContext context, RequestDelegate next)
  {
    if (context.User.Identity.IsAuthenticated)
        await next(context);
    else
        await context.ChallengeAsync();
  }
}
  1. And in ConfigureServices :
 services.AddSingleton<ValidateAuthentication>();

Now it works on the local PC.

And the following code is added to CreateHostBuilder() in Program.cs for remotely.

webBuilder.UseUrls(new string[] { "https://*:5001", "http://*:5000" });

Not work on another computer!

However, it pops up a window for the user name/password (it's Windows authentication and shouldn't ask for it again) and gets the following error on my company computer.

When trying at home PCs, it just shows the following message without popup window for username/password.

Error

The output window shows

      Request starting HTTP/1.1 GET https://mymachinename:5001/
info: Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler[0]
      None
info: Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler[1]
      Incomplete Negotiate handshake, sending an additional 401 Negotiate challenge.
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished in 5.3618ms 401
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 POST https://MyMachineName:5001/_blazor?id=5PKkHuIU8OTq2i8tGbkP0A text/plain;charset=UTF-8 3
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[0]
      Executing endpoint '/_blazor'
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
      Executed endpoint '/_blazor'
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished in 5.6983ms 200 text/plain
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 POST https://MyMachineName:5001/_blazor?id=5PKkHuIU8OTq2i8tGbkP0A text/plain;charset=UTF-8 3
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[0]
      Executing endpoint '/_blazor'
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
      Executed endpoint '/_blazor'
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished in 5.331ms 200 text/plain
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET https://MyMachineName:5001/
fail: Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler[5]
      An exception occurred while processing the authentication request.
System.InvalidOperationException: An anonymous request was received in between authentication handshake requests.
   at Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler.HandleRequestAsync()
fail: Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware[1]
      An unhandled exception has occurred while executing the request.
System.InvalidOperationException: An anonymous request was received in between authentication handshake requests.
   at Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler.HandleRequestAsync()
   at Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler.HandleRequestAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished in 80.1697ms 500 text/html; charset=utf-8
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 POST https://MyMachineName:5001/_blazor?id=5PKkHuIU8OTq2i8tGbkP0A text/plain;charset=UTF-8 3
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[0]
      Executing endpoint '/_blazor'
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
      Executed endpoint '/_blazor'
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished in 11.6024ms 200 text/plain
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
      Executed endpoint '/_blazor'
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 POST https://MyMachineName:5001/_blazor?id=5PKkHuIU8OTq2i8tGbkP0A text/plain;charset=UTF-8 3

I got the prompt when capturing the network traffice

Session #13: The server (us005) presented a certificate that did not validate, due to RemoteCertificateNameMismatch, RemoteCertificateChainErrors.

0 - A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

SAN: localhost
SUBJECT: CN=localhost
ISSUER: CN=localhost

This warning can be disabled by clicking Tools > Options.

It asks for username/password after I chose ignore the warning. Why it asks for username/password?

The sessions before popup the username/password: 

GET https://us005:8091/ HTTP/1.1
Host: us005:8091
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9


HTTP/1.1 401 Unauthorized
Date: Fri, 06 Dec 2019 23:11:38 GMT
Server: Kestrel
Content-Length: 0
WWW-Authenticate: Negotiate
Strict-Transport-Security: max-age=2592000
Proxy-Support: Session-Based-Authentication



------------------------------------------------------------------
GET https://us005:8091/ HTTP/1.1
Host: us005:8091
Connection: keep-alive
Cache-Control: max-age=0
Authorization: Negotiate YIIUvQYGKwYBBQUCoIIUsTCCFK2gMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHgYKKwYBBAGCNwICCqKCFHcEghRzYIIUbwYJKoZIhvcSAQICAQBughReMIIUWqADAgEFoQMCAQ6iBwMFACAAAACjghJtYYISaTCCEmWgAwIBBaETGxFHQkwuQUQuSEVEQU5JLk5FVKIwMC6gAwIBAqEnMCUbBEhUVFAbHXVzd2xscHJpMDA1LmdibC5hZC5oZWRhbmkubmV0o4ISFTCCEhGgAwIBEqEDAgE/ooISAwSCEf8SPyfVTTIyEghWZnkJmimTadjkmX2k7PMXqFzw5igbGi0rxsNo9kBfA7dXq1NrSCgXDM5moPXdON//Tr6FjxeSkgPd7CTgZCsg8/65iMbkcK9QcbP7taholjBVJDNF810PrsS7jLsIPodS7frM4KTGSXTfrItoCXt0HwVhhQnF81ajnV/MIKoUokDJtJVRlGKurK078JM2Wvik6JAkgj35Xstr4rEbgs6a4SnYGBKiIpFErnNOmYZyL8LyZ4RS09UwJ9jboMIHmKOTG/8ZwuKHoA8G1I/lFc44xoKnz9OqboYr6x9UsnooIZAgYxZ43oO1P+B6xwwu7qgOFPSSW+GSJdErlQYKJP5L9CI1d+jJhgnw9bxqVBT30B055DQYyM0UXWTwHx8TeyIf2rhVsqtvxpiEVXx1F6zB9IpU9770fu4orK6IDowTGOxGuYexl39kdfpweJarJjSQ7cmXOrs7FnZHUVgR6N+OpEoRExAoNEfgqjDE5+HlhbXQ7FQSkOHXN82bdEzSM9ER4EvHCK25vycKyNmyTpwwdC3qSnF6HKYKRAlUt+jCtM8WeKfrrjoripVMFxaBrb6wHGNemGXC7VbJxDBIv/3UVQDWlBSjygkjjhXSWVLCzJRoyGwTII+zIj86O6URFzXpNk5QD2estXKpszMGLRqcl/5kDycjbhw+s/izB3T3hreQPEALhTK+qBy78R6AHNaR/NP7ErVALUoT28Dx1829DLooVaNZ6f9dhbpj9oMe9msLHv/VQr2ychKZdB6meL0j+I+zrVS1krus42BxOcHEbfj3zb22nf2jR5fL94GPaWH/E5WoYEC/NAAIqpI/AAxwtLBTL8dJN9PvwIhMRIUhncnt+6bTpcEK4WGRwwFDQ92pKJMfdwpQU+SULlYIT7Jl+Ew+UlelxAGEM3YcYVanSZOYmtKUFSrj9B8ro+So9A/0Nal0y5+ULhKBOgH/TA8Luc2Dkq5blHEnG5uH1zHwjgcAcBd0WKzY75aX2lXCyM74wobJh2Gkp7Gij1cyzOeNTMUxmmvzFztNhKq8ENhWNY88AExAopaxujA/1smq2QjgreDNRhOi4aDAMbCdCY1UJbfgVWq8qc228cn74WndySUf+Xu0anJW+2DB8i9FxEje0hYEU2MGzFWms1nanHh2KTh/veEEts8gpcnO8fIqTg9Vdf+n9VNY/GedLGxtwFERozvVzKRrTS1alOBs613xzkJtiCtV7VbiPSDv8PjwOVXlfBY3Xqcf/r06KlIc7JrAMNvE5lA2MpqKvJlrCpLNCZFSx/areR9NniZdCWe9hiwnM72oyZdrM7itB56dkiNAIEMwUWpQLMznDMeYG4b37ysCMcm9YlRP++uqYYsfGjVQTwVeoiH2CfdFdyiFTs6zvRFjDC81Qa3jf1V7xbCKSY0OxZcrC04GpOvEuVb/csixFHvXTfqtVBs/p78iLRGfmNSe1maMHiY9Y5vDXBmybs9IfATT5tZoImy6VKMNb/G1eigcbPJIBujUgxJ8urxIfALoFrqjIRJPwzX0WOAs9rL4GgUtaods1J1G+VmjJGBCNCqKyKPcNTtWkDpL8ll9CzQ7cziAd3ezh/V7vtDEzjbPO8gz82Ee6j+GoVP/Jr2KvAOCjz6igZYExRQDITd2D2bj09VSC7PUNuBfdPuBWjOOWMAuKGpISBQAV/V2CpriDui1wDKQLYIcdfJF2fMzaAbWWy52DtEDM7Tu+pXdZKpLSXHYjX1GOBE6W0SMmF1ryf27wCGe3PciPg3GkvBV9XitmJp/EQieAtKr0SXNbe/JDTFwRra4fymwoPEiW3iCyUv7dNMX207YLzyxbGehOjTrcOwZQY7ssCGOqea0OcmMHJ0KFBp76N4qtJhNP1okUtxxv7kNUZWiYTCXt8kZVTkbHcPreVVEzJWD8ysH7QLNLrimkn1WE0On1Aju2WrlmaVq7K5zHEq3uDPL3nRIo/6jGEWmy2gSmK3f+n+GYhZ9xlmV/mmvHt8b3dnmkQqA3quj4pi19joBGaYh4HNCerhiRomaOYFGpEYpR2RIysmttMbhRsBiM46MQA4TdJDFQ9/iQPkUDdVr807sZfoIy82ulgjM7zjMm+l+JBNC48QnDBJnRG2G9gDg0PHsA7hpmKvSjLumNOjcktu9BaY+dyaApsUnfCyL/bwC7yZ0Z0YK2X/f74etGd0QGb1zQJrOINAItLVvWTkPoV3Bjo0T5BA2EluZIGMsyXW0i1Rco6KxJuikJzBQQ4Fqk0Q0vxY/zMcuZX8ojrdiZj0pU8YSrE0ucnBTuW+pOUyrtiZ9E2Oc205qjoGPvS9bJkuuYwO0FtpQw1StLt5L8/TDsddOymDPesVn4oD0SCirfVomElCjG9nmMOQIAjBh/H9zaKObz2CzkgXs4GaB2NkumkFge/kLml7ILsak5fofgjnkBniiCf+9fzoudmgQcq0eIX9DGeAbvku1UTrr1avy6qbeJtRPTO1vKQ/JcKFjKxTSNArgxoh/Lq5u/Vj3G314Kr9327zP2L87BYpTMp1Y9EHRJ+Ov/Qr2qw3QuVcreU27OcidkN8F1vQT16gPG15Eqa+89P67OrrxJLaExOpxeKRmyYtfnvW0IN9pdLjgpA/4hNDkxAE/SrXa/Res8wkjtqeBP3WCVALG4qfGQSRAxn2MMBTni/kWSbBq8Ve2luSdJDYyCvMzmdXzocwSs3rGgn+jVxkoqr31gHZsiRB6GOM8wReT2gTRwGsqmivTvh/dxguz/BCTUp64uDgUBH2Det2PqECRs8EyRz9VTNt6vjBdcLj5cltD/eX/8TpY0WkIId5Hfucs7vKxrsG94xGzo+/3r9OWedEASicg61JPgO0NHYL8kuH2IuTFua2RUG0mOMkL8cCbbE7SY5qrlk8OR4xUW1AbPUwMy8pMx7r2KMye+0dpwZcIhuz9IzpknROQaSEwaUaIiLqs+GPCdX0KtCKlZ3DCmjdGVPMFS3cGSvhh3djqhIVBvnd8M8+bWH+20TRVfrOpVG2eHEwLlYAbTbZE25d3HdLPbazLXNv9osR/Ac7bvu7iuu3L0Q4mnOfb7Pw8Yq7K/85hqXZbu8flvc0ewGXylSeio4ra/UG+f7uEeuAC4qOR49VGnHajhkkUAFwOs13qrGrwmT2dv58tUm3E7XnI9UerZGd0KeDQ5M1VIggttn3GdOo2f51XI8DxEFUSNvi3Zm63TFRtjQJgGqWd020ado19zKNVMtSLN8ZmpgoN0JxGwogeK560xFMENkWI94gC2ODU5W9ktIy9ZHqqSAtrRN/IwLtxwcv3aSjjRxlA2igAZVEO1jwXb1okH7WI1GhYB8Ln103l3U1Bxmeg8BwjpjH+roPMUCbkBsKP1L1ITKrgq0hHddnHVsIeITuBS81ycq/xzLu00ya+HK3Pt22z6hP2k2ismjz0hw5Vm/20lZMmSMl4/jxjLi5IN4KxYEc/yve6tmB/bMne5G57sXQuGu8muFE8AnWwuis6alnxiCKt0mbSJ27rMFt3SqiLjNQiSayIIVtuZMMCCKlPSqvurIpqWTA4ZNougULazbt7qviOOVUv2WgcnlufbZVbSGN8ukZYWSwHqvyumsUwhoxpgvGqwheb+GVuDXfOqdQoqhmFYyyJr8WI33SyFz6/jjSydYiBeWKD5Fz2frCsHzBkqib9afcYpzhvv7/8x550udAuFvL+Z1/kyLlzf0ZpnN9xfJs1izEYwKLZEAbve4rEiQLS1fupMufsrvPIWzj4V2Zy+/GpX0kVifY9f0I8HWj8cTB1f3VB51qNiFXAqPKpAHixhnh3WU6WQl9Y56+tEmTuY9NPSUNmkDL3isBZNjWKltNZ12aYvYXHbgysP1yz+AtSWYm/+ytFIIsYRq6NtQ4jJiRKpq6hLz7uI/eOZ4jVINo1X2T3gN7y7xXNemGCNIOt3qdSw9XQnpobw8R0PIFHltbiZvJHmpL6e6yQDeVyxP/gVZNexC7hWu3yKi0Cf5XnnuBvYrzHwgFTdBTyO2xSXn49Tllmc/Jn76E6nqVcOXN056jdareX9OCFNFhR4tnjcEL0lzSEvHcVkj9BGfNcBYQyj70nXk35z4697CMn9lCR0tDb+hHhkLTBACENQJB5eTGIdlm1VM65GYKmvE+Nwh0I4rtjVucdxi+23v+6sxkOq9qmQG7zekVKsR//MayuN8eaCe6vYYAxACrLwTmq3hMYlnFDF8Lct0aEm7jDUaFQCVDxy0sgqimP+pBfbj2gpm9r1dZ45o8aWSulRJ0hGWTduHwWGpb6BWjPLeaBlyR2ZHJD5vyxTjtZirl9+YwEYXdKh4zMm3B+AMUbO68rX63fUogEEz/p7dolcEkHQoC5zdjb+bOy9vqhm5JJxUnWExNhK/V9eBJPH2XV2pAJUyj0x4T7gefMu0nXQM56fY3RFf62YYM1thsyhe9wV3ei3JDwZi3ZJ2UM3iW0gLjHD+/HJXzaLPZptvkNwbAKxO0xLq0ZhdAR8pU9chCB/o+jiKYUpdrF0ZxoWIJo7r1LLkP77heFsOJpf/rkq145GHD7KgglJtnxXh7XI3m5mpnWlZmYRD9TqyIO9vOZhgN8rJNKppSqDzmaQsYihM4xcKjBj2DDxSYXpxseC1ACmU0N072h7fP4JgmegoavlL3JBaJrImltwpuZMqy6seYGL8woQpvZcB/+UwHe2sJPcik/f7fSYWI89MjE239HhGm6CAT2wa/K5AzDBomOqC31eU8FAzO0r3EgdNczOxo/QuG5EM5515s3MkoFG1/Popj0gsB4576MZPcXOy9SJ4GFHfr/TpFeOfU6rUjF+oKT5t1FrMQUTqsmm/D0Eu6MXyt4mRqJF+RxieKw1TQqfdTjo78xCkvmqEiwYbJ5z5d2ddlgN8f8wqS6YBuG5itcRov97Ux6sPmLJj14LekuBp/daACorN6w72FQkPvP4Fr09XGXVUe/ASGWtAQQrz/wqfU9uqeH5isVS0R9dTkdXDUOnjJ5CgKh6yArgVs1QKFsiIChMgKW7zqldg2c1Nk5Yznc7e8g3sjeYnZVHLs+J3lu3Rr+sB4DuRsXQ9IYe1h4m0ka8QfaraVoJa1PDUzTbXg7kuxkTNsmO1+oYP4Vv3f/NP3TnJ1+iHWozrlzvLkRxaMgKhM+I2ELt7QIKSyOYjBAtCL2i37a6KpQoToqpbxoHfDYX1z7RYKkzzufDwn6j3ewsJ1Mtuy6/ODmtEtt0L8AiDYGnzh9JfqetNbXOnGkzC5WnbYlJwARILJGPjBY5wKMq1TH2f4bPrMwUV6QyDxm2I9I5dQexzuJINMIRkDxtZ3LEZlZWzQzTCsyz8if/6XagfuTb7F+sJ3e6PeyNfF9vLXg1feLu/Xlls8O4i25lbloUDy1PzIqzNFdTWVCyAG+I4hzWcSHEtfodIsEFl0O3vPQCjSOI+vFAdkDdmyw8PNwD3tHrV8FslSO5pm8HEPoQAe7/26/soy/Xmm9e1sX0XKPQknLpLAI/yoM6a1ZxcayDClzc8x/yjJvw/IV6x7IHLimdKbn8IL/fY+/Ie8vjixqpsiGFJMYH1TNr1T4nfdN5XgoI2w3PV3P5bp1orCXMOtF+T2d3l3dbV9YkXoat0Ct6FbL6Sk83IyfTDpFJzd560OCo0pRF67Po0DhPNbJ2SJHWqQn4ty4geCvHDMYoemNdpwVGwQAWrmJ70TgiGR5bWjx/9EkLiUbsYdMf42fzZz4yvZ7mdeaUKKxbCqJQayLeqnH8HQyCiy8cK+IuB67G2KokT8tUKFnne6GUCWncaK2XKErV63pEZH/FidlQBulVLw8p/T00MFiPlfa5Hu9hZhgjjxjRWo8iFSQrs7qK+m3vTdYntN89z4LB8zY1yam0xVLH6rNUYhgfZorHlF8yuS0ORHHZTQ3qsy+GkXBXzoK/gLwMQyT8c9J+2RhglnJ+XDyArMsvSCpVzNiLhBfUTgbK6iwYJVpEgA+LfX5x2sw3zs8RvBY/Ul8htlY1hnilvmWSRfJd+NHvXQVTng4z9lQV2odUKDIFkiL++wg4zJq+R0XgKfqm6SUmhZu5OJ+jYwsOgOOL1mhD0qP1/Bfy/PZV52NXJ1w4qc+O+afY7HvV43V02Y82/IqZ6SCAdIwggHOoAMCARKiggHFBIIBwSS4hy3oR17Czx0xy9V2qFSCcgYkEm4KET9Jr9JzG+j/gmsNM7ZKBPu/hZEXeDf/Mmw7P36iWwXvm+UcRMfvnMg10Mxo1tAVgUc0JXiBCFyOfTIfkenUmFfN25TP72NgibBMnwSzI5BubaI0VMFwUwoG4UPwt3K98gLLQ6sLZ3G6mbKn9NHOjNktuK+QkK/JzK6TLopduWbhUH/oQFvNPIVyoO3zau0LNKj+RG0DXTKeMlSD7RsK8W/V1nzVL83AjxUbunzbo9PvYGBvgHlnZys+ssc7Cuv8y1Q/IEie8XLeKLob0GyyU2DH+ObzGEwg3H+cs/vto7RJYPKNmIz03BkTm4t737h2l+XN8U3zrCeVERojst8edwbLrbOR3lFC7g43gdF1TnIDGwA4xjM4G7GcTsHfpR9HqHchkmccwWQ9/quoJuzO6zYuLuWG9cIh2AgYM2w1ghEYfz9bdIc7wY9vNNFp0P9glOamEQplg5DBLd24udA111d6o/V+1ht9v4vaGmArg+gHqoinHxlo4+eugjMYHlswdBqCU+2Ssk1hRM+yyQXzN9MMP2a9LPqd6pSwp4VjbfN38r5dkR+nzgUN
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9


HTTP/1.1 401 Unauthorized
Date: Fri, 06 Dec 2019 23:11:38 GMT
Server: Kestrel
Content-Length: 0
WWW-Authenticate: Negotiate oYIITTCCCEmgAwoBAaELBgkqhkiC9xIBAgKigggzBIIIL2CCCCsGCSqGSIb3EgECAgMAfoIIGjCCCBagAwIBBaEDAgEepBEYDzIwMTkxMjA2MjMxMTM5WqUEAgIFSaYDAgFFqRMbEUdCTC5BRC5IRURBTkkuTkVUqhQwEqADAgEBoQswCRsHeXdhbmc3MKyCB78Egge7MIIHt6ADAgEFoQMCARGiggepYYIHpTCCB6GgAwIBBaETGxFHQkwuQUQuSEVEQU5JLk5FVKImMCSgAwIBAqEdMBsbBmtyYnRndBsRR0JMLkFELkhFREFOSS5ORVSjggdbMIIHV6ADAgESoQMCAQKiggdJBIIHRdQ4UpEul5It2IfV0VxSLUsX4uc+V3gbJ33ccdb/ZODIHHzJAG0POTyi9BKWPNX7y6FVJYev+eyoMkD1elsDj9ZpExk7PKst30cM0wyI0ywx7H4ZTRaD1wfHX3c+TV3Kr6jyljkzENPLbyaGIgayi9L1pLcj+GRxfKLRauCYsg1obt9iO/MVGF81G1xBiJAdJraiS96R+QMTeCN8T8sSEAMioFs1dUTquG4heFT/P6rtHoikPGWIEQHLEBOIoWMWW1dWz64YF9wJsMm6nQcTWTUbxOuxds97uU58/lqLqgbSE15B2YPSM0Zj8QA+nf9idS84MifA0F/6lvHbBC6FRaizG38e1Qf9/0YvP8wJ4QDGHCK+ZpxYbwJXTOBYvnRMg2ohl+wtirDDgjC5oD5ac+MXwI/HtKILf8wzZ0rTvxAKhN9kErpyQi5w/Ft/kJdBATOOMbFmrzOjYM3tUTzMfLUCIcP12PGUiXWsp8KiTuUyadJsYiPqthq2mhoEqz9qazQ2ZopZsPxMY2EKyhTSeIe+ScXW89cJ5ArX8qKRsG7QnpTL6/reGytFwSOnAnHlkapdO3oTE8TvfxdPXk4kEiLQ9xO2Q3LezTyWKM4x5xg3+XiZMlis3vBIX67qtibSGY+PwuJuuXfzW3Ksefiv7zBu2x/r4vIcJN8rM3s4NlHEG2sgnwjboko3+CoSKcA20mnJUKVnEvjD4HFcJyUsIcUHCELTlMw+IHrGzWllT/rpPDCHdwfWWPUuHP2zzEndgGwzwsA64PG+w8NgfqKvJXDP3gOIqiTbRgxmdVgQGiJ1V5e9rLWHOWAatqnEoF/24nTb3s2cqR3+HYmiMjNZPA51oDd+cTzixA5EvbxhvXjIsAs3GEk4D6epxZHxb1fSUxYetxpOo2dOwZIeGHpZFWDYPqvKx4ksmm2ctZTL4iss896+dGmlOYlO+6kONlfBTHGyPMeVGS8L9JJ3rvDFFvKshYIV3Bc5RRlxSmxhw9zACiaRlFFVAYVGAJJOnYFMG+YLdgDG/GQy/mvUn/PY7Y1YyjpgLY5WLlv5fg2WpMNwDurpyFRvMH2ZzR7gveoO/m20fo/jUcmHG309fAT+EluOKZfEcoMz11PyLNjg8Uz5Z/NORN9XuUWWnBI4P12XRWVoc+N2BomhW/w24uEbRpV+FEMPzOZvoZTzlASfvbuhy04On1qPDb32r2m5fxh8ILScndUKEJ8NM9U+mf0ZTMzvsuHuZWT/FTq4WhFDKDPvTcCtcKxaddvlWvVAerMtKQqP0kvsUi/v8agu4lpNPgCbfyJqKJym+xyryWMxPzlOrrMY9x34gOelkJhxPsuk8bg8TXO6i9i1xC7Q4VSoQYrxs+DZjfoQAKutzteNUpuVt6q5P/LaM//8ZWLrIRFPe2UUlyvh4MhsA2CBoOUsVFMGdYsP162tuLMTWf0jy9NZNGbeYCA4pqWvZMnPCGYob4ftTMQqWNHHPzzKw8kV8o/fpKNKRIBn5btPizzRoN+brrA00wj3zRvlPVW3CJcqaB1GoTgMxp7JpMyDIiQ+NxPhP4NXLAtNRw1gsfjbwYZkwtRbbOr9OoCAmYGWXvxRPO9pfniK69lv6FprSohEDrzqY++ClIxhGbAen4jfvx7au2UBivTwH5SHdfrWHVS9rWh3hiG+Idn56ARxZWxjrTJXkXTsSeZM887M91ZDiWySho4t37Au3qrTa7MzaxquzYkYWVN0k5KWi0NXnJ411gs6WUin1exMSLdwamIry9AZ2bQh0eu4mVzVJ4q7wHq/PgTsIQzhHlhnkf6xkZXie8y62anM6z8dzQoTXbQPhvSg9QfEsOchmBjlGJmofPt9yZr/HQ9eGk2bncNKkh8sBNyShEcFt0jQbANkD9X1izM3zN3gBqJox8FLi1egCvyH98lU/Stx8dHFmT4/nnGhpZuW+Qig+aSU3jCgcKIJshWTqSGjSbQc/AC4TYiBqn8z+X6fLDzQ5y/Q4oyilC0JKfGLqopXQJJOlE7OEA21KuzqzmJuma1E9QQ4PABndykDA7PcGgTZrbCKrOqxPeE6FH6mv54LfPlXrmrzb7BtIiLhuPaaCQME/fRwPwoWEwcwv9aiihSJ8Ot7kd2hxCTtVMi/ce8NjH4uGaRrLh+TQr+OVPWXPbie/Y8mQnK290BZ23I8S/VJhUcog8v99A9GtRS9IpXrOan/Mt9Gyqax1rJiQSmRJJkulXZ5gD/8lneMkJdz0q9/PWb6jtF10Fx00bOv72NDo9S5Q6TGZXBDca2bZFi5TeGQhL/2kg1LkHuMgCb2B5dDCxFJV+a77UFqFEtjOg5jobDDHaDA2Rfbgxh9q74Es+Ix7CG0ByZhdkvtAG5x1ri741hQMgtnD55IAM9FYQuen39ET3epXqYMy/nAZat090C/AT/swsE/B6tFv22iS4NQ0ckarQJ206ylZFcEwUOhhllXixvIdH5UG73IsCrFMUU=
Strict-Transport-Security: max-age=2592000
Proxy-Support: Session-Based-Authentication



------------------------------------------------------------------
GET https://us005:8091/ HTTP/1.1
Host: us005:8091
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9


HTTP/1.1 401 Unauthorized
Date: Fri, 06 Dec 2019 23:11:38 GMT
Server: Kestrel
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
WWW-Authenticate: Negotiate
Strict-Transport-Security: max-age=2592000
Proxy-Support: Session-Based-Authentication
ca9163d9
  • 27,283
  • 64
  • 210
  • 413
  • Is there any indication that your app is hosted on Kestrel and not on IIS ? Suppose you call your app from Fiddler, would you see the server name Kestrel or IIS ? What settings in your code makes your app being hosted on Kestrel ? – enet Dec 06 '19 at 14:24
  • The app uses integrate security to access database servers and files. Hosting in Kestrel is easy for testing and security control. – ca9163d9 Dec 06 '19 at 16:23
  • Tried `Http.sys` and no luck too. https://stackoverflow.com/questions/59218273/blazor-http-sys-shows-the-connection-was-reset – ca9163d9 Dec 06 '19 at 18:10
  • You should better open an issue in the AspNetCore repository (if you haven't done so already). They are pretty responsive. – Atanas Korchev Dec 09 '19 at 04:57

2 Answers2

1

This is not supported by design unfortunately.

See post here:

https://github.com/dotnet/aspnetcore/issues/13124

Euan
  • 73
  • 5
0

I had a similar issue. Negotiate seems to default to NTLM when running on localhost, but Kerberos over a DNS name. Kerberos requires a SPN. I fixed it by adding the correct SPN using:

setspn -D HTTP/hostname serviceAccountName

The exact SPN will vary depending upon your setup.

Serj Sagan
  • 28,927
  • 17
  • 154
  • 183
Blake Biggs
  • 201
  • 3
  • 3