I have an ASP.NET Core web server running on .NET Core 2.2 that was previously able to handle Windows Authentication. This feature wasn't tested for a long time, though, and now I'm trying to reactivate it. The frontend is an Angular app, and there don't seem to be any special settings involved on the frontend side. Still, I always get a 401 Unauthorized error when calling the windowslogin endpoint. Here's the controller code that was previously there and hasn't been modified:
/// <summary>
/// Exchanges the caller's Windows identity for an application token.
/// Only the "Windows" authentication scheme is accepted on this action.
/// </summary>
/// <returns>
/// The result of <c>CreateToken</c> for the mapped user, or <c>Forbid()</c> when
/// <c>UserService.GetIccUserFromWindowsUser</c> finds no matching application user.
/// </returns>
[Authorize(AuthenticationSchemes = "Windows")]
[HttpPost]
[Route("windowslogin")]
public IActionResult RequestTokenForWindowsLogin()
{
    IIdentity callerIdentity;
    try
    {
        callerIdentity = Request.HttpContext.User.Identity;
    }
    catch (Exception ex)
    {
        // Handling is elided on the page. NOTE(review): unless it returns or throws,
        // callerIdentity is not definitely assigned when the lookup below runs.
        ...
    }

    // NOTE(review): this action turns an ambient browser credential into a token, so the
    // identity-to-user mapping is the authorization decision. Whether the lookup verifies
    // IsAuthenticated or the identity type is not visible here; confirm in UserService.
    IUserInfo mappedUser = UserService.GetIccUserFromWindowsUser(callerIdentity);
    if (mappedUser == null)
    {
        return Forbid();
    }

    return CreateToken(mappedUser);
}
The authentication scheme "Windows" wasn't explicitly added in the startup file, so I'm not sure which changes I have to make. I already checked the Windows Authentication checkbox in the project settings and activated it in the Windows IIS settings on my local machine.
This is most of the startup.cs:
// This method gets called by the runtime. Use this method to add services to the container.
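// Registers authentication (the IIS/Windows scheme as default plus two named JWT bearer
// schemes), the default authorization policy, MVC, caching, CORS, SignalR and the SPA files.
public void ConfigureServices(IServiceCollection services)
{
    // The IIS scheme is the default. The bearer schemes are named explicitly and only apply
    // where a policy or an [Authorize] attribute selects them.
    services.AddAuthentication(IISDefaults.AuthenticationScheme)
        .AddJwtBearer("Default", options =>
        {
            // handleAuthTokenInQuery is defined elsewhere in the class.
            // NOTE(review): the name suggests the token is read from the query string; tokens
            // carried in URLs tend to end up in server and proxy logs, so confirm it is
            // limited to the paths that need it.
            options.Events = new JwtBearerEvents { OnMessageReceived = handleAuthTokenInQuery };
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true,
                ValidIssuer = Configuration["SecurityKeyIssuer"],
                ValidAudience = Configuration["SecurityKeyAudience"],
                // Symmetric signing key taken from configuration. Anyone who can read this
                // value can mint valid tokens, so keep it out of source-controlled settings.
                IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SecurityKey"]))
            };
        })
        .AddJwtBearer("AzureAD", options =>
        {
            ...
        });

    // A plain [Authorize] accepts only the two bearer schemes. Actions that want Windows
    // authentication have to name that scheme themselves.
    services.AddAuthorization(options =>
    {
        options.DefaultPolicy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .AddAuthenticationSchemes("Default", "AzureAD")
            .Build();
    });

    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
    services.AddMemoryCache();

    // The policy keeps its name because Configure() selects it by that name, but it no longer
    // allows every origin. The previous SetIsOriginAllowed(x => true) accepted any Origin
    // while AllowCredentials() was set, so any website could make credentialed requests
    // (including Windows-authenticated ones) and read the responses.
    // NOTE(review): the original literal read "http://locahost:4000"; the typo went unnoticed
    // because the predicate overrode the origin list. Confirm the real frontend origin(s);
    // Configure() already reads an "Origins:value" list from configuration.
    services.AddCors(o => o.AddPolicy("AllowAnyOrigin", builder =>
    {
        builder.WithOrigins("http://localhost:4000")
            .AllowAnyMethod()
            .AllowAnyHeader()
            .AllowCredentials();
    }));

    services.AddSignalR();
    services.AddSpaStaticFiles(configuration =>
    {
        configuration.RootPath = "ClientApp/dist";
    });
}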
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, IHubContext<AppHub> signalRHub, IAppService appService, IZeitbuchungService zeitbuchungService, IChatService chatService)
{
    // Expose the injected hub context through the static AppHub.GlobalContext member.
    AppHub.GlobalContext = signalRHub;

    // Read from configuration but not used anywhere in this method; the CORS policy applied
    // below is selected by name only.
    List<string> configuredOrigins = Configuration.GetSection("Origins:value").Get<List<string>>();

    // CORS runs before authentication.
    // NOTE(review): browsers send CORS preflight (OPTIONS) requests without credentials;
    // whether they reach this middleware before a Windows-auth challenge depends on the
    // IIS/hosting settings, which are not shown here.
    app.UseCors("AllowAnyOrigin");

    // HSTS is added unconditionally, whatever the hosting environment.
    app.UseHsts();
    app.UseAuthentication();
    app.UseStaticFiles();
    app.UseSpaStaticFiles();

    app.UseSignalR(hubRoutes => hubRoutes.MapHub<AppHub>("/apphub"));
    app.UseMvc(mvcRoutes =>
    {
        mvcRoutes.MapRoute(name: "default", template: "{controller}/{action=Index}/{id?}");
    });
    app.UseSpa(spa =>
    {
        spa.Options.SourcePath = "ClientApp";
    });

    // Start the SqlDependency listener for the configured database connection.
    SqlDependency.Start(Configuration["Database:ConnectionString"]);
}