none
Windows authentication of an app hosted in Windows Container RRS feed

  • Question

  • I would like to use Windows authentication to access an ASP.NET application, hosted in a Windows Container (in Windows Server 2016 TP4). For this, I presume I need to add the  container to the Active Directory domain. Is it all possible to add a Windows Container (or Hyper-V Container) to a domain? There is no clear documentation from Microsoft on this, and I myself tried adding the container to the domain using PowerShell, but with no luck. 
    If this domain joining a Container is not supported, is there any alternative way to enable Windows Authentication in a web application hosted in a Windows or Hyper-V Container? 
    Any input will be highly appreciated.
    Friday, January 8, 2016 11:54 AM

All replies

  • Frankly, this is a popular question of late and I have not seen any answers from MSFT regarding the state.

    Knowing a bit of the underpinnings, I might expect a Hyper-V Container being able to domain join (at this time) but a Server Container might not.  All due to what is / is not shared with the root.  However, I have not tried.

    I will definitely ask the folks I know.


    Brian Ehlert
    http://ITProctology.blogspot.com
    Learn. Apply. Repeat.

    Friday, January 8, 2016 3:49 PM
    Moderator
  • Any update on this?

    Here is what I tried so far to join a Hyper-V Container to a domain:

    1) I added the host Win 2016 TP4 server to the domain that I created (mydomain.com). Then logged in to the server using domain admin account.

    2) To make the Hyper-V container accessible from outside, I created NAT port mapping to map port 80 of container to host's port 80, using Add-NetNatStaticMapping cmdlet. Also, configured inbound firewall rule for the port 80.

    3) The PowerShell management cmdlet "Add-Computer" to add a computer to a domain is not recognized from within the container, so I tried to run the same from host machine like this:
    Add-Computer -ComputerName 172.16.0.3 -LocalCredential mydomain\Administrator -DomainName mydomain.com -Credential mydomain\Administrator –Restart

    Here, 172.16.0.3 is my container IP address and 'mydomain\Administrator' is the domain admin account.

    However, this gave error "Cannot establish the WMI connection to the computer '172.16.0.3' with the following error message: Access is denied."

    4) Thinking adding the user 'mydomain\Administrator' to the Container's administrators group might resolve the error, I tried doing the same using the following script:

    $DomainName = "mydomain.com"
    $ComputerName = "172.16.0.3"
    $UserName = "Administrator"
    $AdminGroup = [ADSI]"WinNT://$ComputerName/Administrators,group"
    $User = [ADSI]"WinNT://$DomainName/$UserName,user"
    $AdminGroup.Add($User.Path)

    However, it generated error "The following exception occurred while retrieving member "Add": "The network path was not found."

    5) Following a suggestion from a post, I also enabled File and Printer Sharing on the firewall, but that did not solve the issue either.


    Wednesday, January 20, 2016 7:24 AM
  • Any update on this? I'm too seeking the same answer to using Windows Authentication to a web app in a containers.
    Saturday, February 27, 2016 10:38 AM
  • Hello again, same answer as in the other thread. Here's our current statement on this: https://msdn.microsoft.com/en-us/virtualization/windowscontainers/about/work_in_progress#domain-membership

    Please feel free to share any feedback you have on this, and what you'd like to see.

    Regards,

    Ender

    Monday, February 29, 2016 11:54 PM
    Moderator
  • That link is dead now, redirects elsewhere. Can you include the relevant text when quoting a link as a source?
    Thursday, August 4, 2016 3:19 PM