-
Notifications
You must be signed in to change notification settings - Fork 60
.NET Core 2.0 - IIS integration only functions with "forwardWindowsAuthToken=true" #491
Comments
ForwardWindowsAuthentication is internal in 2.0. It's used only for infrastructure purposes. ASPNETCORE_IIS_HTTPAUTH is also only for infrastructure and you should not need to set it.
forwardWindowsAuthToken=true is the default value unless you have a very old version of AspNetCoreModule installed on the server. Make sure you have a recent version installed. When you got the 500 error what showed up in the application logs? |
I was getting these:
These were coming about I think because I was trying to access the user identity in HTTPContext (which wasn't there if the user wasn't authenticated). I can't seem to find the stdout logs from those errors, but I can repro them by removing the forwardwindowsauth value from web.config . However, I believe that I haven't updated the .NET Core hosting bundle since 1.X, possibly even a preview release, so I'm updating that first to see if that changes anything.. |
Installing the new 2.0.3 .NET Core web hosting bundle from here (https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/aspnet-core-module?tabs=aspnetcore2x) did the trick - the auth handshake is doing normal things again. Ugh & thanks!! |
Closing since it looks like @Coruscate5 issue has been resolved. Feel free reopen if the issue persists. |
As far as I can tell, I shouldn't need to use this old config anymore:
However, I tried for many days to get Kestrel to just "work" normally with my Angular 4 front-end making requests to the .NET Core 2.0 WebApi backend. Regardless of what I change the ASPNETCORE_IIS_HTTPAUTH env var to, it was still failing.
Regardless of the authentication/authorization middleware added, including allowing all CORS, if everything was configured I would still receive a 500 from the WebAPI.
Adding the "forwardWindowsAuthToken=true" value to the aspnetcore section of the web.config magically fixed everything..
Other than creating a repro for this specific issue, is there some reason we can't access the ForwardWindowsAuthentication token from the services injection anymore?
The text was updated successfully, but these errors were encountered: