Windows authentication

Question
-
I've just noticed that when creating a new Service Fabric web API and changing the authentication to Windows, the generated template has only two changes:
- [Authorize] attribute on the controller added
- launchSettings.json, under iisSettings has other values for "windowsAuthentication" and "anonymousAuthentication"
But the service still uses Kestrel, which, if I've not missed something, does not support Windows authentication.
The IIS setting does not have any impact on an SF application, right?
Is it a "bug" in the template, or is there a way to use Windows authentication in an SF service using Kestrel?
Wednesday, March 27, 2019 8:48 AM
All replies
-
Hi Sebastian. I am looking into this and will update you shortly.
- Marked as answer by Sebastian T. Tkocz Wednesday, April 3, 2019 8:47 AM
Wednesday, March 27, 2019 9:22 PM -
Hi Sebastian. I dug into this offline with our product team and here is what we found. I will just include some of the main bullet points:
- The SF web templates don’t support changing authentication to anything except “No Authentication”. In fact, we are working with the ASP.NET team to disable the “Change Authentication” option on the New ASP.NET dialog. Users need to make the required changes manually if they want to use different auth.
- launchSettings.json is only applicable to Visual Studio.
- It appears that within Visual Studio there is a UI workflow to “generated template” when configuring “windows security”, which doesn’t sound like it would be intended to help to “Secure a standalone cluster on Windows by using Windows security”
https://docs.microsoft.com/azure/service-fabric/service-fabric-windows-cluster-windows-security
- Maybe try to “Run a service as a group Managed Service Account”
https://docs.microsoft.com/azure/service-fabric/service-fabric-run-service-as-gmsa
- SF doesn’t know anything about what IIS is hosting, but using a Windows container to host your application on IIS within the container would allow SF to be aware of the container which is hosting IIS.
- You can use Windows GMSA to secure a standalone cluster, and to run your service as GMSA.
- My assumption is the SF hosting service is what would allow Windows Auth to work as a Guest.exe, Reliable Service|Actor, or within a container, although Kestrel doesn’t support it directly.
- Proposed as answer by Micah McKittrick (Microsoft employee) Monday, April 1, 2019 3:14 PM
Monday, April 1, 2019 3:14 PM -
My question was not about securing the cluster, it was about securing web API calls to an ASP.NET Core service hosted on SF.
But the part about "SF web template not supporting changing authentications" answers my question, thanks.
- Edited by Sebastian T. Tkocz Wednesday, April 3, 2019 8:47 AM
Wednesday, April 3, 2019 8:47 AM