Use Windows Authentication in .NET Core 2.0

This link has everything we need: Configure Windows authentication in an ASP.NET Core app

About the launchSettings.json file

  • See What is launchsetting.json in ASP.NET Core
  • Windows Authentication and Anonymous Authentication can be set through IIS Authorization or launchSettings.json. However, launchSettings.json only affects development time (running through the IIS profile). Once the app is deployed, the behavior is determined by the IIS Authorization setting only.

If Windows Authentication is enabled but Anonymous is disabled


When Windows authentication is enabled and anonymous access is disabled, the [Authorize] and [AllowAnonymous] attributes have no effect.

The above description, from Configure Windows authentication in an ASP.NET Core app, is somehow wrong. In an intranet app where anonymous access is disabled, there is no problem using [Authorize] to control access based on Windows groups. This pattern is common in the real world.

Be aware of caching issues when testing

For example, after adding the current user to TestGroup or removing the user from it, close the browser and reopen it before testing the code. Chrome seems to show more caching issues, so use IE or Firefox for testing.

Working code example


Required NuGet Package: Microsoft.AspNetCore.Authentication

Startup.cs

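using Microsoft.AspNetCore.Server.IISIntegration; // provides IISDefaults

public void ConfigureServices(IServiceCollection services) {
    ...
    services.AddMvc();
    // Use the Windows identity that IIS forwards to the app as the default scheme.
    services.AddAuthentication(IISDefaults.AuthenticationScheme);
    ...
}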

BranchesController.cs

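using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Domain group: applies to every action in the controller
[Authorize(Roles = "Domain\\Domain Users")]
public class BranchesController : Controller {

    // Local group, qualified with the computer name
    [Authorize(Roles = "LocalComputerName\\TestGroup")]
    public async Task<IActionResult> Index() {
        ...
    }

    // Local group
    [Authorize(Roles = "TestGroup")]
    public async Task<IActionResult> Details(int? id) {
        ...
    }
}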

How to get current user's login id?

Most documentation on the web covers ASP.NET Core Identity, which presumes that Individual User Accounts are implemented rather than Windows Authentication.

Note: Individual User Accounts refers to ASP.NET Identity: https://softwareengineering.stackexchange.com/questions/284380/is-formsauthentication-obsolete

ASP.NET Core Identity is a self-contained membership and role provider for authentication that comes with .NET Core, for which the following links are helpful:

  • Migration from .NET Core 1.0 to .NET Core 2.0: https://docs.microsoft.com/en-us/aspnet/core/migration/1x-to-2x/identity-2x
  • Migration from ASP.NET MVC to .NET Core 1.0: https://docs.microsoft.com/en-us/aspnet/core/migration/identity
  • https://docs.microsoft.com/en-us/aspnet/core/fundamentals/middleware?tabs=aspnetcore2x

However, for our intranet application we use Windows Authentication instead. It is much simpler than expected: in my controller, the following line returns DOMAIN\userid:

var userId = this.User.Identity.Name;

Note: you must disable Anonymous Authentication and enable Windows Authentication; otherwise the returned user id might be null.

https://stackoverflow.com/questions/45987976/httpcontext-user-identity-not-set-when-not-using-iis-express
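
To check group-based [Authorize] rules and the null-name case together, here is a diagnostic controller added as an example (it is not code from the original post). The WhoAmIController name is hypothetical, and the code assumes the Startup.cs configuration above, an app hosted on Windows behind IIS or IIS Express, and the role strings from BranchesController.

```csharp
using System.Linq;
using System.Security.Principal;
using Microsoft.AspNetCore.Mvc;

// Hypothetical diagnostic controller; the name is an assumption, not from the post.
public class WhoAmIController : Controller
{
    // Role strings copied from the BranchesController example on this page.
    private static readonly string[] RolesToCheck =
    {
        "Domain\\Domain Users",
        "LocalComputerName\\TestGroup",
        "TestGroup"
    };

    public IActionResult Index()
    {
        // With Anonymous Authentication enabled, the request can arrive without
        // a Windows identity; Name is then null, so report that explicitly.
        if (User?.Identity == null || !User.Identity.IsAuthenticated)
        {
            return Json(new { authenticated = false, name = (string)null });
        }

        // IsInRole is the check that [Authorize(Roles = "...")] relies on.
        var roles = RolesToCheck.ToDictionary(r => r, r => User.IsInRole(r));

        // Under Windows Authentication the identity is a WindowsIdentity whose
        // Groups are the group SIDs carried in the user's access token.
        var groups = (User.Identity as WindowsIdentity)?.Groups?
            .Select(sid => ToAccountName(sid)).OrderBy(n => n).ToArray()
            ?? new string[0];

        return Json(new
        {
            authenticated = true,
            name = User.Identity.Name,                 // DOMAIN\userid
            scheme = User.Identity.AuthenticationType,
            roles,
            groups
        });
    }

    // Some SIDs (for example from a removed domain) cannot be mapped to a name.
    private static string ToAccountName(IdentityReference sid)
    {
        try { return sid.Translate(typeof(NTAccount)).Value; }
        catch (IdentityNotMappedException) { return sid.Value; }
    }
}
```

The response only describes the caller's own identity. Comparing the groups list before and after a membership change shows whether the browser session is still presenting the old group set.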





