ASP.NET Core polyfill for enabling Windows features when targeting a Windows intranet environment.
This library provides middleware and authorization handlers to enable Windows-specific features in an ASP.NET Core application. It includes support for Windows impersonation and Windows group membership authorization, making it easier to integrate with existing Windows-based AD DS infrastructure in an intranet environment.
- Windows Impersonation Middleware
- Windows Group Membership Authorization
To install the library, add the following NuGet package to your project:
```shell
dotnet add package IntraDotNet.AspNetCore
```
To use the Windows Impersonation Middleware, add it to the middleware pipeline in the Program.cs file:
```csharp
using IntraDotNet.AspNetCore.Middleware;
using Microsoft.AspNetCore.Authentication.Negotiate;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using IntraDotNet.AspNetCore.DependencyInjection;
using Microsoft.Extensions.Hosting;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllers();

// Negotiate (Kerberos/NTLM) authentication is what makes Windows Auth work on Kestrel.
builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate();

// Require an authenticated user on every endpoint that declares no policy of its own.
builder.Services.AddAuthorization(options =>
{
    options.FallbackPolicy = options.DefaultPolicy;
});

var app = builder.Build();
app.UseAuthentication();

// Add after UseAuthentication; Negotiate authentication must already be registered
// before UseAuthentication is called.
app.UseWindowsImpersonation();

app.UseAuthorization();
app.MapControllers();
app.Run();
```
To use Windows Group Membership Authorization, configure the authorization policies in the appsettings.json file and register them in the Program.cs file:
```json
{
  "Authorization": {
    "Policies": [
      {
        "Name": "RequireWindowsGroup",
        "AllowedGroups": [ "DomainName\\GroupName" ]
      }
    ]
  }
}
```
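```csharp
using IntraDotNet.AspNetCore.Authorization.WindowsGroupMembership.DependencyInjection;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllers();

// Group checks need an authenticated Windows user: register Negotiate authentication and
// call app.UseAuthentication() before app.UseAuthorization(), as in the impersonation example.

// Bind the policy definitions from configuration. The section path passed to GetSection
// must match where the options sit in appsettings.json.
builder.Services.AddWindowsGroupMembershipAuthorization(() =>
{
    return builder.Configuration.GetSection("Authorization:WindowsGroupMembershipAuthorization").Get<WindowsGroupMembershipAuthorizationOptions>();
});

var app = builder.Build();
app.UseRouting();
app.UseAuthorization();
app.MapControllers();
app.Run();
```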
In your controller, you can then use the policy to protect actions:
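```csharp
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// MapControllers uses attribute routing, so the controller needs a route and an HTTP verb.
[ApiController]
[Route("[controller]")]
[Authorize(Policy = "RequireWindowsGroup")]
public class SecureController : ControllerBase
{
    [HttpGet]
    public IActionResult Get()
    {
        return Ok("This is a secure endpoint.");
    }
}
```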
For minimal API:
```csharp
app.MapGet("/ping", (HttpContext httpContext) =>
{
    var username = httpContext.User.Identity?.Name ?? "Anonymous";
    return $"pong from {username}";
})
.RequireAuthorization("RequireWindowsGroup");
```
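To check the setup above against a real account, a diagnostic endpoint can report who the request was authenticated as, which account the code is executing as, and the group names carried in the caller's token in `Domain\Group` form. This is an added example, not code from IntraDotNet. The `/whoami` route and the `GroupNames` helper are hypothetical, and it assumes a web project with implicit usings and that `UseWindowsImpersonation()` runs the rest of the pipeline as the caller.

```csharp
// Added example, not IntraDotNet code. Assumes a web project with implicit usings.
using System.Security.Principal;
using IntraDotNet.AspNetCore.Middleware;
using Microsoft.AspNetCore.Authentication.Negotiate;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate();
builder.Services.AddAuthorization(o => o.FallbackPolicy = o.DefaultPolicy);

var app = builder.Build();
app.UseAuthentication();
app.UseWindowsImpersonation(); // assumed to run the rest of the pipeline as the caller
app.UseAuthorization();

// Hypothetical route. It reports only on the caller's own token and, through the
// fallback policy, is reachable by authenticated users only.
app.MapGet("/whoami", (HttpContext ctx) =>
{
    if (!OperatingSystem.IsWindows() || ctx.User.Identity is not WindowsIdentity caller)
        return Results.Problem("The request carries no Windows identity.");

    // Account the code is executing as right now: the caller while impersonation
    // is active, otherwise the service or app pool account.
    using var effective = WindowsIdentity.GetCurrent();

    return Results.Ok(new
    {
        AuthenticatedAs = caller.Name,
        caller.AuthenticationType,
        ExecutingAs = effective.Name,
        ExecutingAsCaller = caller.User is not null && caller.User == effective.User,
        ImpersonationLevel = caller.ImpersonationLevel.ToString(),
        Groups = GroupNames(caller)
    });
});

app.Run();

// Resolves the group SIDs in the token to account names; a SID that cannot be
// mapped (deleted group, foreign domain) is returned as the raw SID string.
static string[] GroupNames(WindowsIdentity identity) =>
    (identity.Groups ?? new IdentityReferenceCollection())
        .Select(sid =>
        {
            try { return sid.Translate(typeof(NTAccount)).Value; }
            catch (IdentityNotMappedException) { return sid.Value; }
        })
        .OrderBy(name => name)
        .ToArray();
```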
Contributions are welcome! Please open an issue or submit a pull request.
This project is licensed under the MIT License.