Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ASP.NET Core Windows Authentication except specific paths #2913

Closed
madrianr opened this issue Mar 1, 2018 · 5 comments
Closed

ASP.NET Core Windows Authentication except specific paths #2913

madrianr opened this issue Mar 1, 2018 · 5 comments

Comments

@madrianr
Copy link

madrianr commented Mar 1, 2018

in our ASP.NET Core solution we use Windows Authentication but for one path we need anonymous Access because it is the path for the WOPI Access from Office Online Server like api/wopi/files/{id}

is there a possibility to except specific paths in ASP.NET CORE with Windows Authentication?

robert
@Tratcher
Copy link
Member

Tratcher commented Mar 1, 2018

A sample will be provided as part of https://github.com/aspnet/AuthSamples/issues/15

You're using IIS, correct? In IIS enable Windows and Anonymous. Then on all of your controllers that require auth specify [Authorize]. If this is for ASP.NET Core 2.0 then also add services.AddAuthentication(IISDefaults.AuthenticationScheme) in Startup.ConfigureServices.

@madrianr
Copy link
Author

madrianr commented Mar 2, 2018
edited

It seems that isn't enough - what about classes which we Inject into our views?
we have a class which we inject into our view in the _ViewImports.cshtml like this:
@Inject IObjektberechtigungen Objektberechtigungen

in this class we make database calls with RunImpersonated like this:

var callerIdentity = context.User.Identity as WindowsIdentity; WindowsIdentity.RunImpersonated(callerIdentity.AccessToken, () => { result = db.Query<T>(sql, parameters, commandType: System.Data.CommandType.StoredProcedure); });

I can specify [Authorize] for this class but it seems this doesn't work - there is always a error in the line:
WindowsIdentity.RunImpersonated(callerIdentity.AccessToken,
NullReferenceException: The object reference was not set to an object instance.

we use IISExpress with VS 2017 and targeting NET 4.6.2

Robert

PS: isn't it possible to have only Windows authentication and use [AllowAnonymous] on specific Controllers/Actions to allow without authentication?

@Tratcher
Copy link
Member

Tratcher commented Mar 2, 2018
edited

The authorize attribute goes on you mvc controller class. Or are you using razor pages instead?

@madrianr
Copy link
Author

madrianr commented Mar 2, 2018

solved it now - set the following to have authorization on every Controller

    `services.AddMvc(options =>
            {
                var policy = new AuthorizationPolicyBuilder()
                    .RequireAuthenticatedUser()
                    .Build();
                options.Filters.Add(new AuthorizeFilter(policy));
            })`

and use [AllowAnonymous] for those where I don't need it

@madrianr madrianr closed this as completed Mar 5, 2018
@code2expert
Copy link

Is there a way to authenticate to active directory by using a form instead of the default pop-up form with username and password that prompts anytime youre opening the app?

@ghost ghost locked as resolved and limited conversation to collaborators Dec 4, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Tratcher @madrianr @code2expert