Windows Authentication - Postman (HttpContext Name is Null)

Question

My question is similar to Postman Windows Authentication (NTLM) not working but there are no answers to it so far.

I have used a .NetCore rest api (netcoreapp3.1).

1. In launchsettings.json

   {
    "iisSettings": {
    "windowsAuthentication": true,
    "anonymousAuthentication": false,
   ..
   }
   

2. Startup.cs

   public void ConfigureServices(IServiceCollection services)
    {
     services.AddAuthentication(IISDefaults.AuthenticationScheme);
   }
   
   public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
   
        //...
      app.UseHttpsRedirection();
   
        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();
   
        //....useEndpoints middleware is being called afterwards
   
      }
   

3. EmployeeController.cs

   [Route("IISDetails")]
    [HttpGet]
    public IActionResult IISDetails()
    {
   
        var name = User.Identity.Name;
        return new ContentResult() { Content = $@"IIS authorized. AD: {name}" };
    }
   

I have not used [Authorize] tag so that atleast i can see if this works but Name is always null.

Postman I am setting username in Authorization tab. Image attached for reference.

If I put Authorize attribute to my IISDetails function it gives me

System.InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found.

Answer 1

So I added [Authorization] tag and changed Startup.cs from

services.AddAuthentication(IISDefaults.AuthenticationScheme);

to

services.AddAuthentication(Microsoft.AspNetCore.Authentication.Negotiate.NegotiateDefaults.AuthenticationScheme).AddNegotiate();

Tried it in the browser and it worked!!

P.S: Still not working with Postman NTLM Authentication (Beta)

• On IISDefaults.AuthenticationScheme, its giving me

System.InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action configureOptions). at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties) at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult) at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)

Still any guidance on why the other things are not working is appreciated :)