I am trying to install Windows and Anonymous authentication in an empty .Net Core 2.0 web application. I would like to avoid the [Authorize] attribute , because I do not want to use Mvc or controllers.
My setup is as follows:
I created an empty .Net Core 2.0 web application
I went to the project properties -> Debug -> Checked "Enable Windows Authentication" and disabled "Enable Anonymous Authentication". Now "windowsAuthentication": true and "anonymousAuthentication": false appeared in my launchSettings.json in the "IIS" section.
Inside Startup.cs, in ConfigureServices, I added services.AddAuthentication(Microsoft.AspNetCore.Server.IISIntegration.IISDefaults.AuthenticationScheme); as stated at https://docs.microsoft.com/en-us/aspnet/core/migration/1x-to-2x/identity-2x#windows-authentication-httpsys--iisintegration
I added a simple Console.WriteLine(context.User.Identity.Name); to see that it works inside the app.Run and ... Everything works!
However ... as soon as I set "anonymousAuthentication" to true in launchSettings.json, it stops working and I cannot figure out what I can do to do Windows authentication with it. Context.User.Identity.IsAuthenticated always false. As you can see, my configuration is very simple, and I need this to be so. I want to enable / disable Windows authentication on specific dynamic routes, so using controllers with the [Authorize] attribute is not an option.
What I'm trying to achieve is a simple application in which the url "/ authenticated" will respond with the value context.User.Identity.Name , and the url "/ public" will respond with something like: "This is a public page!". Something like NTLM authentication on a specific route in ASP.NET Core , but without the [Authorize] attribute and controllers. There are very few resources ... Does anyone know what I can lose? Thanks!
source share