Reputation: 368
Windows and Anonymous Authentication in .Net Core 2.0
I'm trying to mix Windows and Anonymous authentication in a .Net Core 2.0 empty web app. I would like to avoid the [Authorize] attribute as I do not want to use Mvc or controllers.
My setup is as follows:
I created an empty .Net Core 2.0 web application
I went to project properties -> Debug -> Checked "Enable Windows Authentication" and disabled "Enable Anonymous Authentication". Now "windowsAuthentication": true and "anonymousAuthentication": false appeared in my launchSettings.json under "IIS".
Inside Startup.cs, in ConfigureServices I added
services.AddAuthentication(Microsoft.AspNetCore.Server.IISIntegration.IISDefaults.AuthenticationScheme);as mentioned in https://learn.microsoft.com/en-us/aspnet/core/migration/1x-to-2x/identity-2x#windows-authentication-httpsys--iisintegrationI added a simple
Console.WriteLine(context.User.Identity.Name);to see that it works inside app.Run and... It all works!
However... as soon as I set "anonymousAuthentication" to true in launchSettings.json it stops working and I cannot figure out what can I do to make the Windows authentication work alongside with it. Context.User.Identity.IsAuthenticated is always false.
As you can see my configuration is very simple and I need it to stay this way. I want to enable/disable windows authentication on certain dynamic routes, so using controllers with the [Authorize] attribute is not an option.
What I'm trying to achieve is a simple app where the url "/authenticated" would reply with the value of context.User.Identity.Name and the url "/public" would reply with something like say "This is a public page!".
Something similar to NTLM authentication on specific route in ASP.NET Core but without the [Authorize] attribute and controllers.
The resources are very scarce... Anyone have any idea what I could be missing?
Thanks!
Upvotes: 16
Views: 12606
Answers (2)
Reputation: 23078
Tratcher's answer saved me after some wasted time on this topic. For a very simple scenario (anonymous controller + windows authentication restricted in the rest), here is a quick start (middleware):
public class NtlmAndAnonymousSetupMiddleware
{
private readonly RequestDelegate next;
public NtlmAndAnonymousSetupMiddleware(RequestDelegate next)
{
this.next = next;
}
public async Task Invoke(HttpContext context)
{
if (context.User.Identity.IsAuthenticated || context.Request.Path.ToString().StartsWith("/Anonymous"))
{
await next(context);
return;
}
await context.ChallengeAsync("Windows");
}
}
I have just plugged this in at the beginning of Startup.Configure method:
app.UseMiddleware<NtlmAndAnonymousSetupMiddleware>();
Upvotes: 9
Reputation: 6074
Anonymous takes precedence. You need to call httpContext.ChallengeAsync() when you get an anonymous request to a restricted part of your app. That will cause the client to send credentials on the next request. Here's a test that does this.
Upvotes: 13
Related Questions
- Enable both Windows authentication and Anonymous authentication in an ASP.NET Core app
- ASP.NET Core Identity with Windows Authentication
- Implementing windows authentication for asp.net core website
- ASP.NET Core - Authorization Using Windows Authentication
- ASP.Net Core 2.2 Authentication
- Windows Authentication to log into Identity
- Windows Authentication in .net Core 2.1 application
- How do you use both anonymous and windows authentication in ASP.NET Core 2.0
- Windows Authentication with asp.net core
- Authorization for anonymous user (automatic authentication)