I am building an intranet application in ASP .NET 5, MVC 6. I want to know how to enable Windows Authentication.? The default project template supports only Individual User Accounts.
16
votes
If you plan to host your site on IIS, you can configure windows authentication in IIS
– agua from mars
What about other options like self hosting..?
– AnandhaSundari M
Write a middleware I guess
– agua from mars
@user2935752 I know it's been a while, but if you are still looking, see my answer about how to enable this for a self-hosted project.
– Mark Hughes
8 Answers
7
votes
Mark's answer is still valid in ASP.Net RC1. There are some additional steps to tie it all together (I don't have enough reputation to comment on his solution):
- Install WebListener from NuGet
Add the following usings to Startcup.cs:
using Microsoft.AspNet.Http.Features; using Microsoft.Net.Http.Server;Add Mark's code snippet in the Configure method before app.UseMvc:
// If we're self-hosting, enable integrated authentication (if we're using // IIS, this will be done at the IIS configuration level). var listener = app.ServerFeatures.Get<WebListener>(); if (listener != null) { listener.AuthenticationManager.AuthenticationSchemes = AuthenticationSchemes.NTLM; }To debug this, you need to add the WebListener run target in
project.json, as Mark noted in a different answer:"commands": { "weblistener": "Microsoft.AspNet.Server.WebListener --config hosting.ini", "web": "Microsoft.AspNet.Server.Kestrel" },Pick weblistener instead of IIS Express of web (Kestrel) to debug your application.
5
votes
In addition to the other answers here, which are for IIS-hosted only, you can enable Windows Authentication in a self-hosted ASP.NET 5 project (tested against beta 7 and beta 8) by adding the following in the Startup.cs Configure method, before the app.UseMvc or similar that you wish to protect:
UPDATE FOR BETA 8
// If we're self-hosting, enable integrated authentication (if we're using
// IIS, this will be done at the IIS configuration level).
var listener = app.ServerFeatures.Get<WebListener>();
if (listener != null)
{
listener.AuthenticationManager.AuthenticationSchemes =
AuthenticationSchemes.NTLM;
}
PREVIOUS ANSWER FOR BETA 7
// If we're self-hosting, enable windows/integrated authentication.
// For IIS, this needs to be configured in IIS instead, and the
// following will have no effect.
if ((app.Server as ServerInformation) != null)
{
var serverInformation = (ServerInformation)app.Server;
serverInformation.Listener.AuthenticationManager.AuthenticationSchemes =
AuthenticationSchemes.NTLM;
}
Adapted from the official MusicStore example.
If you're debugging using Visual Studio 2015 with IIS Express, you can turn on Windows Authentication via a checkbox in the debug properties page for a project now, rather than messing with the applicationhost.config file. I couldn't get the web.config solution to work for IIS Express debugging, it throws an error about the configuration not being valid at that level. Note this does not currently work in beta 8 - see this issue
5
votes
The $(ProjectDir)\Properties\launchSettings.json file will trigger Visual Studio to generate a web.config file when debugging appropriately for IISExpress that will have the <authentication/> node set according to the launch settings.
The below is an example launchSettings.json
{
"iisSettings": {
"windowsAuthentication": true,
"anonymousAuthentication": false,
"iisExpress": {
"applicationUrl": "http://localhost:65070/",
"sslPort": 0
}
},
"profiles": {
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"environmentVariables": {
"Hosting:Environment": "Development"
}
},
"web": {
"commandName": "web",
"environmentVariables": {
"Hosting:Environment": "Development"
}
}
}
}
But also use the extension app.UseIISPlatformHandler(); instead of manipulating the listener. The extension will set up a middleware that will automatically ask for NTLM and translate the appropriate handles from IIS.
When deploying to IIS, if you're using WebListener you have to add the authentication node yourself to the web.config. If you're using HttpPlatformHandler (which I recommend personally) and proxying to kestrel, add forwardWindowsAuthToken="true" to the httpPlatform node in the web.config.
4
votes
With IIS hosting, you can add a web.config file to your wwwroot directory with IIS configurations for your application.
web.config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<security>
<authentication>
<windowsAuthentication enabled="true" />
<anonymousAuthentication enabled="false" />
</authentication>
</security>
</system.webServer>
</configuration>
1
votes
I did everything that i found on internet, no one worked. So, i looked to the aspnet 4.5 configuration files, and i saw that it uses:
<IISExpressAnonymousAuthentication>disabled</IISExpressAnonymousAuthentication>
<IISExpressWindowsAuthentication>enabled</IISExpressWindowsAuthentication>
on .csproj file, i just copied to .xproj file of aspnet 5 and it worked.
1
votes
1
votes
0
votes
You need to configure manually IIS Express (in VS2015 CTP6). For do that, edit applicationhost.config file. (C:\Users\your username\Documents\IISExpress\config\applicationhost.config)
In configuration tag add this :
<location path="{your site name}">
<system.webServer>
<security>
<authentication>
<windowsAuthentication enabled="true" />
<anonymousAuthentication enabled="false" />
</authentication>
</security>
</system.webServer>
</location>
