0

This scenario might have faced by some of you and could offer a design approach to handle the problem.

We are working on a .net core mvc web site and hybrid mobile application that will be used by internal employees of the organization accross various devices like pc's, tablet, mobile phone. Our plan is to host the website with windows authentication so that user credentials will be verified against Active directory. This worked fine in the PC browser.

In android mobile application we are using a webview and few react native components to access the api's exposed from the same web application. We tried sending the user name and passwored to the api in different ways but the authentication is failed. one example we tried is https://user:password@myapplication.com. 401 challenge error we are getting. We tried to add the custom middleware for bypassing the authentication only for a particular api, but the problem is we have to get the user/password information from the device. We are not planning to use the forms based authentication because of cookies or sensitivity of the data.

Please guide me the appropriate way to handle this kind of scenario.

Edit: we enabled both windows and anonymous authentication.

Tried the below post for enabling the middle ware Enable both Windows authentication and Anonymous authentication in an ASP.NET Core app

srinivasa rao
  • 23
  • 5
  • Please [edit] your question to list the authentication methods you have enabled in your IIS server. – Progman Aug 17 '23 at 18:27
  • 2
    It's wildly insecure and irresponsible to handle your users' passwords. Instead use a modern browser-based authentication flow, eg: https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-web-app-aspnet-core-sign-in – David Browne - Microsoft Aug 17 '23 at 18:28
  • Use MSAL library or common middleware like OIDC in your react and phone apps. You'll have to get away from form auth which is a good thing like David said. – GH DevOps Aug 17 '23 at 19:11

0 Answers0