i migrated my asp.net core mvc webapp from 5 to 6 and after that, windows auth was no more. This problem only occurs when i try to debug my webapp in VS22. When i deploy it to IIS, win auth is working flawlessly. i have tried many suggested solutions to this problems, such as adding
services.AddAuthentication(options => {
options.DefaultAuthenticateScheme = IISDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = IISDefaults.AuthenticationScheme;
}).AddNegotiate();
or
services.AddAuthentication(IISDefaults.AuthenticationScheme).AddNegotiate();
or
services.AddAuthorization(options =>
{
options.FallbackPolicy = options.DefaultPolicy;
});
in various positions and orders in my Starup.cs. I have also tried different hosting implementations (Kestrel, IIS). I have also tried HttpSys where it worked but since i cant use it (company env requests IIS) i have to pass it unfortunately. No matter which browser i use (FF, Chrome, IE, Edge) i always get the same 500 internal error response with this exception in the web app:
Exception thrown:
'System.InvalidOperationException' in System.Private.CoreLib.dll
("No authenticationScheme was specified, and there was no DefaultChallengeScheme found.
The default schemes can be set using either AddAuthentication(string defaultScheme)
or AddAuthentication(Action<AuthenticationOptions> configureOptions).")
Startup.cs:
public class Startup {
private Config cfg;
public Startup(IConfiguration configuration) {
Configuration = configuration;
this.cfg = new Config();
Configuration.GetSection("appinfo").Bind(this.cfg);
var client = new LoggingClient(cfg.GetAddressOf("Services.Api.Logging"), cfg.DisplayName.Split('.').Last());
client.WriteLogAsync("UI starting", LogSeverity.Info);
ReferenceHelper.TestReferences(cfg);
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services) {
services.AddControllersWithViews().AddRazorRuntimeCompilation();
services.AddLocalization(options => options.ResourcesPath = "Resources");
services.AddMvc(options => {
options.EnableEndpointRouting = false;
}).AddViewLocalization(LanguageViewLocationExpanderFormat.Suffix).AddDataAnnotationsLocalization();
services.AddOptions();
services.Configure<Config>(options => Configuration.GetSection("appinfo").Bind(options));
services.AddSingleton<IConfiguration>(provider => Configuration);
services.AddDistributedMemoryCache();
services.AddSession(
options => {
options.Cookie.IsEssential = true;
options.Cookie.SecurePolicy = Microsoft.AspNetCore.Http.CookieSecurePolicy.Always;
options.Cookie.SameSite = SameSiteMode.Strict;
options.Cookie.HttpOnly = true;
});
//services.AddAuthentication(HttpSysDefaults.AuthenticationScheme);
//services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate();
services.AddAuthentication(IISDefaults.AuthenticationScheme).AddNegotiate();
services.AddScoped<IClaimsTransformation, ClaimsTransformer>();
services.AddAuthorization();
services.AddDataProtection()
.SetApplicationName("InfoServices.Web.Administration")
.PersistKeysToFileSystem(new System.IO.DirectoryInfo(DefaultPaths.WEB_KEYSTORE))
.SetDefaultKeyLifetime(TimeSpan.FromDays(90));
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env) {
app.UseMiddleware<ErrorLoggingMiddleware>(new LoggingClient(cfg.GetAddressOf("InfoServices.Api.Logging"), cfg.DisplayName.Split('.').Last()));
app.UseForwardedHeaders();
var supportedCultures = new[] { "en", "de" };
var localizationOptions = new RequestLocalizationOptions().SetDefaultCulture(supportedCultures[1])
.AddSupportedCultures(supportedCultures)
.AddSupportedUICultures(supportedCultures);
localizationOptions.ApplyCurrentCultureToResponseHeaders = true;
//if (env.IsDevelopment()) {
// //app.UseDeveloperExceptionPage();
// app.UseForwardedHeaders();
//} else {
// // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
//}
app.UseHsts();
//app.UseAuthMiddleware();
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseDefaultFiles();
app.UseRouting();
app.UseRequestLocalization(localizationOptions);
app.UseAuthentication();
app.UseAuthorization();
app.UseSession();
app.UseEndpoints(endpoints => {
endpoints.MapControllers();
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Overview}/{id?}");
});
}
}
Program.cs:
public class Program{
private static Config cfg;
public static void Main(string[] args)
{
cfg = ConfigJsonHelper.GetConfig();
CreateHostBuilder(args).Build().Run();
}
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
//webBuilder.UseHttpSys(options =>
//{
// options.Authentication.Schemes = Microsoft.AspNetCore.Server.HttpSys.AuthenticationSchemes.NTLM;
// options.Authentication.AllowAnonymous = true;
// options.UrlPrefixes.Add("https://" LocalDataHelper.GetCurrentHostname() ".domain.at:" cfg.Port);
//}).ConfigureAppConfiguration((hostingContext, config) =>
//{
// var env = hostingContext.HostingEnvironment;
// //config.Sources.Clear();
// config.SetBasePath(env.ContentRootPath);
// config.AddJsonFile("appinfo.json", optional: false, reloadOnChange: true);
// config.AddEnvironmentVariables();
//});
//webBuilder.UseKestrel().ConfigureAppConfiguration((hostingContext, config) =>
//{
// var env = hostingContext.HostingEnvironment;
// //config.Sources.Clear();
// config.SetBasePath(env.ContentRootPath);
// config.AddJsonFile("appinfo.json", optional: false, reloadOnChange: true);
// config.AddEnvironmentVariables();
//}).UseUrls("https://" LocalDataHelper.GetCurrentHostname() ".domain.at:" cfg.Port);
webBuilder.UseIISIntegration().ConfigureAppConfiguration((hostingContext, config) =>
{
var env = hostingContext.HostingEnvironment;
//config.Sources.Clear();
config.SetBasePath(env.ContentRootPath);
config.AddJsonFile("appinfo.json", optional: false, reloadOnChange: true);
config.AddEnvironmentVariables();
}).UseUrls("https://" LocalDataHelper.GetCurrentHostname() ".domain.at:" cfg.Port);
webBuilder.UseStartup<Startup>();
});
}
For nuget pkgs i have:
"Microsoft.AspNetCore.Authentication.Negotiate" Version="6.0.2"
"jQuery" Version="3.6.0"
"jquery.TypeScript.DefinitelyTyped" Version="3.1.2"
"jQuery.Validation" Version="1.19.3"
"Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="6.0.2"
"Microsoft.AspNetCore.StaticFiles" Version="2.2.0"
"Microsoft.Extensions.Configuration.Binder" Version="6.0.0"
"Microsoft.IdentityModel" Version="7.0.0"
"Microsoft.jQuery.Unobtrusive.Validation" Version="3.2.12"
"Newtonsoft.Json" Version="13.0.1"
"Microsoft.TypeScript.MSBuild" Version="4.5.3"
launchSettings.json:
{
"iisSettings": {
"windowsAuthentication": true,
"anonymousAuthentication": false,
"iisExpress": {
"applicationUrl": "http://localhost:60248",
"sslPort": 6900,
"windowsAuthentication": true,
"anonymousAuthentication": false
}
},
"profiles": {
"Development": {
"commandName": "Project",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
}
}
}
CodePudding user response:
as suggested out by Chaodeng, i tried the attribute thing as suggestest in the link which did not do it for me. However i looked through the linked post (How to use Windows authentication on ASP.NET Core subpath only?) and i saw the usage of a mini web.config, only containing
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<windowsAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
</location>
</configuration>
which did it for me