Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
273 views
in Technique[技术] by (71.8m points)

c# - Windows and Anonymous Authentication in .Net Core 2.0

I'm trying to mix Windows and Anonymous authentication in a .Net Core 2.0 empty web app. I would like to avoid the [Authorize] attribute as I do not want to use Mvc or controllers.

My setup is as follows:

  1. I created an empty .Net Core 2.0 web application

  2. I went to project properties -> Debug -> Checked "Enable Windows Authentication" and disabled "Enable Anonymous Authentication". Now "windowsAuthentication": true and "anonymousAuthentication": false appeared in my launchSettings.json under "IIS".

  3. Inside Startup.cs, in ConfigureServices I added services.AddAuthentication(Microsoft.AspNetCore.Server.IISIntegration.IISDefaults.AuthenticationScheme); as mentioned in https://docs.microsoft.com/en-us/aspnet/core/migration/1x-to-2x/identity-2x#windows-authentication-httpsys--iisintegration

  4. I added a simple Console.WriteLine(context.User.Identity.Name); to see that it works inside app.Run and... It all works!

However... as soon as I set "anonymousAuthentication" to true in launchSettings.json it stops working and I cannot figure out what can I do to make the Windows authentication work alongside with it. Context.User.Identity.IsAuthenticated is always false. As you can see my configuration is very simple and I need it to stay this way. I want to enable/disable windows authentication on certain dynamic routes, so using controllers with the [Authorize] attribute is not an option.

What I'm trying to achieve is a simple app where the url "/authenticated" would reply with the value of context.User.Identity.Name and the url "/public" would reply with something like say "This is a public page!". Something similar to NTLM authentication on specific route in ASP.NET Core but without the [Authorize] attribute and controllers. The resources are very scarce... Anyone have any idea what I could be missing? Thanks!

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Anonymous takes precedence. You need to call httpContext.ChallengeAsync() when you get an anonymous request to a restricted part of your app. That will cause the client to send credentials on the next request. Here's a test that does this.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

1.4m articles

1.4m replys

5 comments

57.0k users

...