We recently updated to .net7 and we had to do some changes to our Identity Server project. One of those changes was adding these services in the Startup.cs:
services.AddAuthentication(NegotiateDefaults.AuthenticationScheme)
.AddNegotiate(options => { });
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options => { });
We also had to change the decorators in our API endpoints from this:
[Authorize(AuthenticationSchemes = "Windows")]
to this:
[Authorize(AuthenticationSchemes = NegotiateDefaults.AuthenticationScheme)]
I suspect that because of these changes, our web app stopped working in Firefox. An unauthorized is returned when trying to reach the IS. Looking through the Internet I found that setting the network.negotiate-auth.allow-non-fqdn to true (for localhost) and adding domains to network.negotiate-auth.trusted-uris fixes the issue, but I wanted to know if there is any config that I could add in IS to avoid doing this.
I found out that the problem was we changed our web server from HttpSys to Kestrel. Changing back to HttpSys fixed the issue, but in theory we should be using Kestrel as it is the one recommended for ASP.NET Core.