Skip to content
This repository has been archived by the owner on Nov 1, 2018. It is now read-only.

.NET Core 2.0 - IIS integration only functions with "forwardWindowsAuthToken=true" #491

Closed
Coruscate5 opened this issue Dec 19, 2017 · 4 comments
Closed

.NET Core 2.0 - IIS integration only functions with "forwardWindowsAuthToken=true" #491

Coruscate5 opened this issue Dec 19, 2017 · 4 comments

Comments

@Coruscate5
Copy link

As far as I can tell, I shouldn't need to use this old config anymore:

            services.Configure<IISOptions>(options =>
            {
                options.AutomaticAuthentication = true;
                options.ForwardWindowsAuthentication = true;
            });

However, I tried for many days to get Kestrel to just "work" normally with my Angular 4 front-end making requests to the .NET Core 2.0 WebApi backend. Regardless of what I change the ASPNETCORE_IIS_HTTPAUTH env var to, it was still failing.

Regardless of the authentication/authorization middleware added, including allowing all CORS, if everything was configured I would still receive a 500 from the WebAPI.

Adding the "forwardWindowsAuthToken=true" value to the aspnetcore section of the web.config magically fixed everything..

Other than creating a repro for this specific issue, is there some reason we can't access the ForwardWindowsAuthentication token from the services injection anymore?
@Tratcher
Copy link
Member

ForwardWindowsAuthentication is internal in 2.0. It's used only for infrastructure purposes. ASPNETCORE_IIS_HTTPAUTH is also only for infrastructure and you should not need to set it.

IISIntegration/src/Microsoft.AspNetCore.Server.IISIntegration/IISOptions.cs

Line 24 in d2fba28

internal bool ForwardWindowsAuthentication { get; set; } = true;

forwardWindowsAuthToken=true is the default value unless you have a very old version of AspNetCoreModule installed on the server. Make sure you have a recent version installed.

When you got the 500 error what showed up in the application logs?

@Coruscate5
Copy link
Author

I was getting these:

2017-12-19 11:17:19.6104 [EventId:13] [Thread:12] Microsoft.AspNetCore.Server.Kestrel [ERROR] - Connection id "0HLA72JND95HL", Request id "0HLA72JND95HL:00000002": An unhandled exception was thrown by the application. Object reference not set to an instance of an object.

These were coming about I think because I was trying to access the user identity in HTTPContext (which wasn't there if the user wasn't authenticated). I can't seem to find the stdout logs from those errors, but I can repro them by removing the forwardwindowsauth value from web.config .

However, I believe that I haven't updated the .NET Core hosting bundle since 1.X, possibly even a preview release, so I'm updating that first to see if that changes anything..

@Coruscate5
Copy link
Author

Installing the new 2.0.3 .NET Core web hosting bundle from here (https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/aspnet-core-module?tabs=aspnetcore2x) did the trick - the auth handshake is doing normal things again.

Ugh & thanks!!

@shirhatti
Copy link
Contributor

Closing since it looks like @Coruscate5 issue has been resolved. Feel free reopen if the issue persists.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Tratcher @shirhatti @Coruscate5