Question about Windows Auth #239

Closed
rakhimzhanov opened this issue Feb 17, 2018 · 4 comments
Labels
question Initially seen a question could become a new feature or bug or closed ;)

Comments

@rakhimzhanov

Hello Tom,

Could you please advise: can Ocelot authenticate using Windows auth to services where Windows auth is also enabled? (I mean if the gateway and services work only with Windows auth.)

Thank you.

@TomPallister
Member

@rakhimzhanov thanks for your interest in the project.

I have not written anything specific for Windows Authentication. However, I think you could get Ocelot using it by following this guide https://docs.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?tabs=aspnetcore2x and the Ocelot docs http://ocelot.readthedocs.io/en/latest/features/authentication.html

You need to get Windows auth registered as a provider, then associate its key with reroutes in Ocelot.

Now, in terms of forwarding Windows auth to downstream services, I’m not sure how this would work. My experience with Windows auth is limited. If the downstream service needs a header, then Ocelot should be able to forward this on from the upstream request.

Let me know if that helps, and if not, this might be a feature for the future.

@TomPallister TomPallister added the question Initially seen a question could become a new feature or bug or closed ;) label Feb 20, 2018
@soumaz

soumaz commented Oct 10, 2018

I am still facing issues with Windows Authentication. Has this been fixed in the latest Ocelot version?

My gateway is a virtual directory hosted under the default site with anonymous access.
And my services are hosted under another virtual directory with Windows authentication enabled.

Note: in IE options, the setting "Enable Integrated Windows Authentication" is enabled on the user machine. This is required; otherwise the domain.com will not carry the identity.

Default website
----> Gateway = anonymous
-----> services = windows authentication.

With this, when we call servername.domain.com/gateway/ from a user machine to get the user name from the services, we get the user name of the first user.

When the same URL is hit by another user, he gets the username of the first user, whereas what he should have got is his own user name.

What we see is that persist-auth in the headers is set to true for communication between the gateway and the services.

Please assist on the same.

@TomPallister
Member

@soumaz I am not sure why this doesn't work. Can you debug and submit a PR to fix?

Unfortunately I don't have time to debug, learn and fix this issue :(

@Sacrilege

@TomPallister I created a PR for this as I needed it too: #1521
