Web API 2 Windows Authentication Continues to Request Login

I have a basic setup of Web API 2 with Visual Studio 2015 along with IIS 10.0 on Windows 10. 401 requests (Windows authentication) continue to ask me to log in. I can log in and it accepts my credentials, but nothing I do gets rid of this prompt.

I have:

  • Added <authentication mode="Windows" /> to web.config in <system.web>
  • Anonymous authentication through IIS is disabled
  • Windows Authentication is enabled through IIS

Is there something I need to add to my controller or WebApiConfig in order to request a URL like /api/core/getweatherdata without being asked to log in?

+6
4 answers

I can think of two situations that can happen.

  • The IIS application pool user is configured incorrectly and does not know what \ who represents. (IIRC should be installed in the NETWORK SERVICE service) Link here.

  • The address you use is not an intranet, which then requests authentication. Link here

0

You will most likely just need to change the settings on your computer. For Windows Authentication to work without prompts, you need to configure your Internet options accordingly.

> > "" > "" > " " > .


0

T , Windows, - 401 Access Denied

, ​​ ,

A -, ?

B - Kerberos ? ?

, Kerberos Windows - ,

1- Active Directory, AD, , Kerberos

2 , , , , , .

3 , , ( ), Windows

4- Windows Authentication, "Negotiate/Kerberos" "Negotiate"

5- , CMD, SPN , , "lab\testuser", - "server1A", (Fully Qualified Domain Name) - "server1A". test.com" :

setspn -s server1A lab\testuser
setspn -s server1.test.com testuser

Kerberos, , , , [KLIST-] [3] , klist purge

, DNS, IIS, CMD "Run as admin"

ipconfig/flushdns
iisreset 

, , , , -

0

-API 2 VS2017 IIS Express. WebApiConfig.cs :

 // Web API configuration and services
 // Configure Web API to use only bearer token authentication.
 config.SuppressDefaultHostAuthentication();
 config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));

config.SuppressDefaultHostAuthentication(); this is a method that blocks the authentication features of web.config (and I assume IIS). In my case, commenting out the line worked like this: web.config:

<security>
  <authentication>
    <anonymousAuthentication enabled="false"/>
    <windowsAuthentication enabled="true"/>
  </authentication>
</security>

Keep in mind that this does not solve the “double hop” situation, that is, an authenticated user on a website that passes backend API credentials ... but that's a different story.

0
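The last answer's fix, shown as an added example (not code from the answer or from any project): a WebApiConfig that leaves the IIS host principal in place, plus a diagnostic action that reports what Web API actually received. CoreController, GetWeatherData, WhoAmI and the route name are assumed names chosen to match the question's /api/core/getweatherdata URL.

```csharp
using System.Security.Principal;
using System.Web.Http;

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Deliberately NOT called: config.SuppressDefaultHostAuthentication()
        // and the bearer HostAuthenticationFilter from the project template.
        // Without them, the principal established by IIS Windows
        // Authentication is the one Web API sees.
        config.Routes.MapHttpRoute(
            name: "ActionApi",
            routeTemplate: "api/{controller}/{action}");
    }
}

// Assumed controller for the question's URL.
[Authorize] // answers 401 unless the request principal is authenticated
public class CoreController : ApiController
{
    [HttpGet]
    public IHttpActionResult GetWeatherData()
    {
        // Constructed sample payload.
        return Ok(new { user = User.Identity.Name, forecast = "sample" });
    }

    // Hypothetical diagnostic action: GET /api/core/whoami
    [HttpGet]
    public IHttpActionResult WhoAmI()
    {
        var windows = User.Identity as WindowsIdentity;
        return Ok(new
        {
            name = User.Identity.Name,
            isAuthenticated = User.Identity.IsAuthenticated,
            // For a Windows identity, for example "Negotiate" or "NTLM".
            authenticationType = User.Identity.AuthenticationType,
            isWindowsIdentity = windows != null,
            // "Impersonation" or "Delegation" for a Windows identity.
            impersonationLevel = windows == null
                ? null
                : windows.ImpersonationLevel.ToString()
        });
    }
}
```

If the diagnostic action returns 401 while IIS has already accepted the credentials, the host principal is being discarded before [Authorize] runs. The impersonation level matters for the double-hop case the answer mentions, since only a Delegation-level token can be used against a remote backend.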

Source: https://habr.com/ru/post/1659200/