1

I am trying to use Windows Authentication in ASP.NET Core web application under IIS.

I do NOT want to write application code for it.
I want to do it only through web.config or IIS settings.

I already updated web.config with 

forwardWindowsAuthToken=true

As described in https://stackoverflow.com/a/39858689/4869661

In addition, I want to add the authorization section to web.config with Allow\Deny rules, but it doesn't seem to work at all.

Note: it does not matter at which level I do it - even at the IIS Server web.config.

What am I missing?

Thanks!

Improve this question
2
  • forwardWindowsAuthToken=true would be to pass the information of the windows identity to your ASP.NET Core application, but it seems useless to me if you don't want the application to deal with the authorization and if you want to keep it to the IIS level. What are you expecting exactly? That IIS would allow / deny access to the application based on the windows identity and that your application beneath would not have to care at all about security, is that it? Commented Mar 23, 2017 at 23:15
  • Yes, exactly. You are of course correct regarding 'forwardWindowsAuthToken'... Commented Mar 26, 2017 at 6:07
Related questions
15
Asp.Net core MVC application Windows Authentication in IIS
20
How to add Roles to Windows Authentication in ASP.NET Core
4
ASP.NET Core Windows Authentication and Application Roles
Load 7 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.