Windows authentication in asp.net 5

Question

I am building an intranet application in ASP .NET 5, MVC 6. I want to know how to enable Windows Authentication.? The default project template supports only Individual User Accounts.

Answer 1

The $(ProjectDir)\Properties\launchSettings.json file will trigger Visual Studio to generate a web.config file when debugging appropriately for IISExpress that will have the <authentication/> node set according to the launch settings.

The below is an example launchSettings.json

{
  "iisSettings": {
    "windowsAuthentication": true,
    "anonymousAuthentication": false,
    "iisExpress": {
      "applicationUrl": "http://localhost:65070/",
      "sslPort": 0
    }
  },
  "profiles": {
    "IIS Express": {
      "commandName": "IISExpress",
      "launchBrowser": true,
      "environmentVariables": {
        "Hosting:Environment": "Development"
      }
    },
    "web": {
      "commandName": "web",
      "environmentVariables": {
        "Hosting:Environment": "Development"
      }
    }
  }
}

But also use the extension app.UseIISPlatformHandler(); instead of manipulating the listener. The extension will set up a middleware that will automatically ask for NTLM and translate the appropriate handles from IIS.

When deploying to IIS, if you're using WebListener you have to add the authentication node yourself to the web.config. If you're using HttpPlatformHandler (which I recommend personally) and proxying to kestrel, add forwardWindowsAuthToken="true" to the httpPlatform node in the web.config.

Answer 2

For RC1 & IISExpress from an empty Web Application:

• Right click web project, select Properties
• Click Debug tab, check Enable Windows Authentication

This affected ~/Properties/launchSettings.json as follows:

"windowsAuthentication": true,
"anonymousAuthentication": false,

Answer 3

Because you are building a new application you can change the authentication type by clicking Change Authentication. This will bring up a selection where you can change type type to Windows Authentication.

Answer 4

Mark's answer is still valid in ASP.Net RC1. There are some additional steps to tie it all together (I don't have enough reputation to comment on his solution):

1. Install WebListener from NuGet

2. Add the following usings to Startcup.cs:

   using Microsoft.AspNet.Http.Features;
   using Microsoft.Net.Http.Server;
   

3. Add Mark's code snippet in the Configure method before app.UseMvc:

   // If we're self-hosting, enable integrated authentication (if we're using
   // IIS, this will be done at the IIS configuration level).
   var listener = app.ServerFeatures.Get<WebListener>();
   if (listener != null)
   {
       listener.AuthenticationManager.AuthenticationSchemes = 
       AuthenticationSchemes.NTLM;
   }
   

4. To debug this, you need to add the WebListener run target in project.json, as Mark noted in a different answer:

   "commands": {
     "weblistener": "Microsoft.AspNet.Server.WebListener --config hosting.ini",
     "web": "Microsoft.AspNet.Server.Kestrel"
   },
   

5. Pick weblistener instead of IIS Express of web (Kestrel) to debug your application.

Answer 5

In addition to the other answers here, which are for IIS-hosted only, you can enable Windows Authentication in a self-hosted ASP.NET 5 project (tested against beta 7 and beta 8) by adding the following in the Startup.cs Configure method, before the app.UseMvc or similar that you wish to protect:

UPDATE FOR BETA 8

// If we're self-hosting, enable integrated authentication (if we're using
// IIS, this will be done at the IIS configuration level).
var listener = app.ServerFeatures.Get<WebListener>();
if (listener != null)
{
    listener.AuthenticationManager.AuthenticationSchemes = 
        AuthenticationSchemes.NTLM;
}

PREVIOUS ANSWER FOR BETA 7

// If we're self-hosting, enable windows/integrated authentication.
// For IIS, this needs to be configured in IIS instead, and the
// following will have no effect.
if ((app.Server as ServerInformation) != null)
{
  var serverInformation = (ServerInformation)app.Server;
  serverInformation.Listener.AuthenticationManager.AuthenticationSchemes = 
      AuthenticationSchemes.NTLM;
}

Adapted from the official MusicStore example.

If you're debugging using Visual Studio 2015 with IIS Express, you can turn on Windows Authentication via a checkbox in the debug properties page for a project now, rather than messing with the applicationhost.config file. I couldn't get the web.config solution to work for IIS Express debugging, it throws an error about the configuration not being valid at that level. Note this does not currently work in beta 8 - see this issue

Answer 6

I did everything that i found on internet, no one worked. So, i looked to the aspnet 4.5 configuration files, and i saw that it uses:

<IISExpressAnonymousAuthentication>disabled</IISExpressAnonymousAuthentication>
<IISExpressWindowsAuthentication>enabled</IISExpressWindowsAuthentication>

on .csproj file, i just copied to .xproj file of aspnet 5 and it worked.

Answer 7

With IIS hosting, you can add a web.config file to your wwwroot directory with IIS configurations for your application.

web.config

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
        <security>
            <authentication>
                <windowsAuthentication enabled="true" />
                <anonymousAuthentication enabled="false" />
            </authentication>
        </security>
  </system.webServer>
</configuration>

Answer 8

You need to configure manually IIS Express (in VS2015 CTP6). For do that, edit applicationhost.config file. (C:\Users\your username\Documents\IISExpress\config\applicationhost.config)

In configuration tag add this :

<location path="{your site name}">
    <system.webServer>
        <security>
            <authentication>
                <windowsAuthentication enabled="true" />
                <anonymousAuthentication enabled="false" />
            </authentication>
        </security>
    </system.webServer>
</location>