Windows authentication doesn't work after deploy on iis

Question

I have a problem with this simple piece of code:

    public void OnAuthorization(AuthorizationFilterContext context)
    {
        ClaimsPrincipal user = _httpContextAccessor.HttpContext.User;
        ClaimsIdentity identity = user.Identity as ClaimsIdentity;
        string userName = identity.Name;  //!!!

        _logger.Trace("windows user `{0}` is trying to access the system", userName);
        var admins = _configurationRoot.GetSection(ConfigDescription.Admins).Get<List<string>>();
        if (!admins.Contains(userName)) 
        {
            _logger.Trace("Permission denied.");
            context.Result = new RedirectResult("/error/unauthorized", false);
        }
    }

When I launch my asp net app via IIS Express in Visual Studio everything works fine. My logs in this case:

2021-12-25 22:02:53.1783 TRACE     windows user `Domain\username` is trying to access the system.

But userName is always empty after publishing on remote IIS.

2021-12-25 19:11:55.2524 TRACE     windows user `` is trying to access the system.
2021-12-25 19:11:55.2524 TRACE     Permission denied.

I was trying open website from localhost and via domain name, also added it into Trusted Sites, nothing helped.

web.config :

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <location path="." inheritInChildApplications="false">
    <system.webServer>
      <handlers>
        <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
      </handlers>
      <aspNetCore processPath="dotnet" forwardWindowsAuthToken="true" arguments=".\BlaBla.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess" />
    </system.webServer>
  </location>
</configuration>

Anonymous Authentication is enabled on IIS

Because if not, I can't open even error/unauthorized page like this:

@user9938 I don't use database. Administrators names are stored in json config. But problem is `userName` variable is empty. — Сергей, Dec 26 '21 at 10:10
@LexLi Otherwise I just can't open any page. Please see last screen. — Сергей, Dec 26 '21 at 10:12
It's going to be lengthy if I explain everything about Windows authentication, so I won't tell other than some key things. 1) If you want to use it, then quite a few settings are required https://learn.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?view=aspnetcore-6.0&tabs=visual-studio#iis 2) Your ASP.NET Core code must also be changed accordingly. 3) 401 error can be expected if your browser does not send credentials. How to troubleshoot that is another huge topic you can learn from existing threads. — Lex Li, Dec 26 '21 at 15:35
Not sure I understand how to change my code, anyway thanks for 1) and 2) options. About №3) - I added site into Trusted Sites in Internet Explorer browser, so i don't think the problem is in browser — Сергей, Dec 26 '21 at 17:28

Jeevan · Accepted Answer · 2021-12-27T08:31:56.130

1

To enable windows authentication in IIS need to make sure the followings

Enable Windows Authentication in IIS
Enable Windows Authentication in IIS web application

1. Enable Windows Authentication in IIS

we need to enable Windows Authentication in “Windows features” (Run command : optionalfeatures . Win + R → optionalfeatures)

2. Enable Windows Authentication in IIS web application

Then we need to Enable windows authentication for applications. Can be done in web.config as below or in IIS

web.config

<system.webServer>
        <security>
            <authentication>
                <windowsAuthentication enabled="true" />
                <anonymousAuthentication enabled="false" />
            </authentication>
        </security>
    </system.webServer>

IIS

Select the application in left node and select "Authentication" in feature view

Enable Windows Authentication and Disable anonymous Authentication.

More information

edited Dec 27 '21 at 08:31

answered Dec 27 '21 at 03:52

Jeevan

518
3
8

Question about your last screen: what if I have only one option like [this](https://i.stack.imgur.com/qAbAu.png). – Сергей Dec 27 '21 at 07:47
@Сергей it seems IIS is not configured with Windows authentication. Please make sure you have enabled "Windows Authentication" as in the first step. (Refer to first screenshot) – Jeevan Dec 27 '21 at 08:05
As far as I see, `Windows Authentication` [enabled](https://i.stack.imgur.com/RxhBJ.png) – Сергей Dec 27 '21 at 08:15
@Сергей Did you try restarting IIS? please refer https://stackoverflow.com/questions/8067448/in-iis-why-doesnt-window-authentication-show-up-as-one-of-the-options-for-my-w – Jeevan Dec 27 '21 at 08:29
well, looks like all I needed to do was restart [server](https://i.stack.imgur.com/pjvgl.png) – Сергей Dec 27 '21 at 08:29

Windows authentication doesn't work after deploy on iis

1 Answers1

Linked