My organization creates apps that must support employees on two entirely separate networks (let's call them network "A" and network "B"). Applications on network "A" must always use Windows Authentication. Since network "B" is entirely separate, and therefore no trust relationship can be established between the two, the only option is to allow "Anonymous" access and force the user to log in with manual credentials.
Currently, our Asp.Net apps have both "Anonymous" and "Forms" authentication enabled, with a code-behind check of the "LOGON_USER" server variable: if it finds one that maps to a valid Windows account on network "A", the user is automatically logged in; otherwise they must log in manually.
In Asp.Net Core, this line of code does not return any value if "Anonymous" authentication is enabled side-by-side with "Windows" authentication:
@HttpContextAccessor.HttpContext?.GetServerVariable("LOGON_USER")
Only when "Windows" authentication is enabled by itself do we get a username from the above line of code.
The key question here is whether there is any way at all to maintain the single sign-on ability in an Asp.Net Core / Blazor Server app, so that we do not have to maintain two different versions of the same application. Or is this no longer possible?
I have read the summary of this article (Secure ASP.NET Core Blazor Server Apps) from Microsoft, and if my interpretation is correct, it unfortunately sounds as if we must develop our own central authentication system that is not built in Asp.NET Core, but is instead a traditional Asp.NET app that authenticates users and, in turn, informs the Blazor Server apps we create of the validated user.