configuring windows AD authentication in .Net Core 2.x MVC app

Question

I created a .Net Core 2.2 MVC web app(Entity Framework and Razor pages).

The app is hosted on a Windows 2016 Server using IIS and belongs to our Windows AD domain.

The app works fine using no authentication or anonymous authentication.

However now, I want to enable security for one of the controllers in such a way that an AD user who is logged into their workstation on our domain can access it.

So I followed this tutorial:

https://learn.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?view=aspnetcore-2.2&tabs=visual-studio#server-side-configuration-with-the-iis-manager

I set my Startup class to include the needed entry in ConfigureServices:

Startup.cs:

using Microsoft.AspNetCore.Server.IISIntegration;

public void ConfigureServices(IServiceCollection services)
{
    //...
    services.AddAuthentication(IISDefaults.AuthenticationScheme);
    //...
}

And this is the controller that has one method that I want to lock down:

ResearchController.cs:

using Microsoft.AspNetCore.Authorization;


public class SecuredOptionsController : Controller
{
    [Authorize(Roles = "FrankJ, AliceR")]
    [HttpPost]
    public async Task<IActionResult> AccessSecretData(DateTime? start, DateTime? end)
    {
        return View();
    }
}

I only want two Domain users to be able to access this: I Added FrankJ and AliceR AD domain accounts to the User Accounts section in Windows Server.

When I hit that controller, a login prompt does appear, but it never works when I enter in the credentials for FrankJ or AliceR. I've tried just using 'FrankJ' and I tried 'TheDomain/FrankJ'

What am I missing?

Answer 1

This was an easy fix and I managed to get it working by adding these two lines below:

In my controller, I had to add the domain like this:

 [Authorize(Roles = "MyDomain\\DevOps")]

And in the Configure method of Startup.cs, I had to add this:

app.UseAuthentication();