Does it have a working example for ASP.NET Core to authenticate using Windows AD in an internal enterprise network?

All replies

  • User475983607 posted

    nkw

    I tried to create an empty template asp.net Web API project using HTTP.sys. And it doesn't work. I plan to create an internal web application using Angular and Asp.Net core web API. And I want the user to authenticate using Windows authentication.

    See the ASP Core Reference docs.

    https://docs.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?view=aspnetcore-2.1&tabs=aspnetcore2x

    Otherwise, explain what "doesn't work" means, the expected results, actual results, and source code to reproduce the behavior.

    Tuesday, July 17, 2018 3:04 PM
  • User-952752686 posted

    I actually followed the link you sent https://docs.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?view=aspnetcore-2.1&tabs=aspnetcore2x#enable-windows-authentication-with-httpsys-or-weblistener

    However, the connection got the error of "An existing connection was forcibly closed by the remote host".  I posted the detail of the error message in https://stackoverflow.com/questions/51332749/the-underlying-connection-was-closed-cannot-run-asp-net-core-2-1-web-api-applic

    Tuesday, July 17, 2018 3:12 PM
  • User753101303 posted

    Hi,

    It seems you have an authentication issue with http. I would try with the -UseDefaultCredentials switch or just with a browser. Does it work?

    Then it seems you have another error related to https (but make it work first maybe with http to sort out other unrelated errors).

    Edit: and it seems your code is missing calling the Build method compared with the tutorial.

    Tuesday, July 17, 2018 3:13 PM
  • User-952752686 posted

    Hi, http://localhost:5000 is automatically redirected to https://localhost:5001. Eventually, I will need to use https for security reasons I think.

    As for the missing "Build", the new code template created by Visual studio moves `.Build()` to the method which calls `CreateWebHostBuilder()`.

    Tuesday, July 17, 2018 3:15 PM
  • User753101303 posted

    I understand that. This is not to suggest a fix but to better understand what happens as it seems you have first an authentication problem and then another problem with https.

    Also since then I noticed the Build call is missing. Add this and then test the simplest option. I'm trying to understand if authentication could work and if SSL fails for some reason (for example, if you try with IE, don't you have a message asking if the certificate should be trusted?)

    This is why I would test first with http to get past the authentication issue. Then knowing auth works fine I would work on adding https. I would test directly with a browser (for example it might show a certificate issue).

    Tuesday, July 17, 2018 3:20 PM
  • User-952752686 posted

    I've updated the SO question to include the browser screenshot and the code to call `.Build()`.

    Tuesday, July 17, 2018 3:26 PM
  • User475983607 posted

    I assume the issue is related to HTTPS.  First turn off app.UseHttpsRedirection(); and test the API using http.  If that works then the issue probably has to do with the self-signed certificate.

    https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/weblistener?view=aspnetcore-2.1

    https://www.hanselman.com/blog/WorkingWithSSLAtDevelopmentTimeIsEasierWithIISExpress.aspx

    http://blog.boxofbolts.com/ssl/windows/owin/guide/2015/06/29/https-self-hosted-windows/

    Tuesday, July 17, 2018 4:33 PM
  • User753101303 posted

    AFAIK ERR_CONNECTION_RESET usually happens when the connection is explicitly reset (for example by a firewall).

    This is basically a 2.1 default template with Windows authentication and https support?

    Tuesday, July 17, 2018 4:40 PM
  • User475983607 posted

    To make it simpler, try this.  Open PowerShell and issue this command.

    ```powershell
    dir cert:\localmachine\my
    ```

    I assume you were prompted at some point to install the default cert when running an HTTPS-enabled Core project.  Anyway, my results are...

    ```
    Thumbprint                                Subject
    ----------                                -------
    A450FE80A4B3DE1E5C8876C580C3B7FB12376248  CN=localhost
    ```

    Then run the following powershell command, replace the hash with your hash not mine, to register port 5001 with the certificate.  The hash is the cert thumbprint.

    ```powershell
    # Random application ID to associate with the binding
    $guid = [guid]::NewGuid()
    $certHash = "A450FE80A4B3DE1E5C8876C580C3B7FB12376248"
    $ip = "0.0.0.0" # This means all IP addresses
    $port = "5001" # the default HTTPS port
    # netsh reads the command from standard input
    "http add sslcert ipport=$($ip):$port certhash=$certHash appid={$guid}" | netsh
    ```

    That should get you up and running on SSL assuming you have a self-signed cert installed. 

    Tuesday, July 17, 2018 4:57 PM
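
A check for the binding described in the last reply, as an added example that is not part of the original thread: it reads the HTTP.sys binding for the port back from netsh and confirms the bound thumbprint is a usable certificate in the machine store. The function name `Get-SslBindingStatus` is hypothetical, the `0.0.0.0:5001` value is taken from the thread, and English-language netsh output is assumed.

```powershell
# Added example (not from the thread): verify the HTTP.sys SSL binding for a port.
# Run from an elevated PowerShell prompt on the machine hosting the API.

function Get-SslBindingStatus {
    param(
        # ip:port as registered with netsh; the thread uses 0.0.0.0:5001
        [string]$IpPort = '0.0.0.0:5001'
    )

    # For an existing binding netsh prints a line "Certificate Hash : <thumbprint>".
    # Assumption: English output; the label is localized on other systems.
    $output = netsh http show sslcert "ipport=$IpPort"
    $match = $output |
        Select-String -Pattern 'Certificate Hash\s*:\s*([0-9a-fA-F]{40})' |
        Select-Object -First 1
    if (-not $match) {
        return "FAIL: no SSL binding registered for $IpPort"
    }
    $thumbprint = $match.Matches[0].Groups[1].Value.ToUpper()

    # The netsh command in the thread names no certificate store,
    # so the binding refers to the machine's MY (Personal) store.
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $thumbprint }
    if (-not $cert) {
        return "FAIL: binding uses $thumbprint, which is not in LocalMachine\My"
    }

    # A server certificate without its private key cannot complete a TLS handshake.
    if (-not $cert.HasPrivateKey) {
        return "FAIL: certificate $thumbprint has no private key"
    }

    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        return "FAIL: certificate $thumbprint is outside its validity period " +
               "($($cert.NotBefore) to $($cert.NotAfter))"
    }

    return "OK: $IpPort is bound to $thumbprint ($($cert.Subject)), " +
           "valid until $($cert.NotAfter)"
}

Get-SslBindingStatus -IpPort '0.0.0.0:5001'
```

An `OK` result only shows that the binding and certificate are in place; a browser will still warn about a self-signed certificate until it is trusted on the client.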