All geek questions in one place

Authentication using Windows Authentication with a single action and not the entire application

I want to authenticate using integrated Windows authentication with a single controller in place of a global application. I read many articles on the Internet and StackOverflow, but could not find the answer. Notice that I am developing in Web API 2.0, not MVC.

However, as a general rule, to enable Windows authentication on your entire application, you would do something like Web UI Documentation :

<system.web> <authentication mode="Windows" /> </system.web>

Under the covers, I'm not sure what this does for sure, but I have a suspicion that I can play it on one controller action by doing IAuthenticationFilter as described in the web interface documentation . However, I did not find a convincing article explaining how to do this for Windows Integrated Authentication.

An example of my goal:

At the end of the day, I would like my only web API to accept a request from a client configured to use Windows authentication in any of the following client scenarios:

FROM#

 var handler = new HttpClientHandler() { UseDefaultCredentials = true }; var client = new HttpClient(handler);

Browser

 $.ajax({ url: 'api/testauthentication', type: 'GET', dataType: 'json', xhrFields: { withCredentials: true } })

Edit # 1

It occurred to me to note that I would like to execute the above programmed and not configuration files such as web.config, IIS settings, etc. In addition, I use OWIN to host the application on my servers.

0
source share
2 answers

The answer is based on this MSDN article.

Essentially, you can define a custom delegation method that determines which authentication requests are performed using integrated Windows authentication.

builder in the following code refers to the IAppBuilder instance used in the Startup code of the OWIN stand-alone hosting. For more information on this topic, see the OWIN stand-alone host article .

 OwinHttpListener httpListener = (OwinHttpListener)builder.Properties[typeof(OwinHttpListener).FullName]; httpListener.Listener.AuthenticationSchemeSelectorDelegate = new AuthenticationSchemeSelector(DetermineAuthenticationScheme);

Then define a DetermineAuthenticationScheme delegate method similar to the following:

 AuthenticationSchemes DetermineAuthenticationScheme( HttpListenerRequest request ) { if ( request == null ) { throw new ArgumentNullException( "request" ); } if ( request.RawUrl.IndexOf( "v1/foo", StringComparison.OrdinalIgnoreCase ) >= 0 ) { return AuthenticationSchemes.IntegratedWindowsAuthentication; } return AuthenticationSchemes.Anonymous; }
+1
source

Have you seen the next post? http://www.scip.be/index.php?Page=ArticlesNET38 . It seems like a step by step. You did not mention if you deployed it or had it in IIS Express running through visual studio, but the one part that remained for me was the settings change that was required in the IIS configuration in "My Documents \ IISExpress \ config

  <windowsAuthentication enabled="true">

Please note that this solution seems to cover only part of your browser-based question. For the non-browser based part, I assume that you will need to get an application for 401 answer.

It looks like there is already a stackoverflow entry that covers HttpClient authentication using local window credentials

How to get HttpClient to pass credentials along with the request?

-2
source

Source: https://habr.com/ru/post/1201171/

More articles:


All Articles