0

I have created an intranet application that needs to know who the authenticated windows user is for security and roles-based authentication.

No problems with Edge... the authenticated user is identified correctly. In Chrome, though, the users are continually prompted (even if they enter their credentials in the prompt).

I am prompted when running the web app locally (IIS Express) as well as when deployed to a web server running IIS 7.5

I have tried various iis app pool configurations, none of which prevent the authentication prompt. The url is in the trusted list of websites in Internet Options. Windows Authentication and Identity Impersonation are enabled in IIS.

Home component API call:

 constructor(http: HttpClient, @Inject('BASE_URL') baseUrl: string)
  {
    http.get<User>(baseUrl + 'api/Auth/GetUserName', {withCredentials: true}).subscribe(result =>
    {
      this.user = result;
    }, error => console.error(error));
  }

C# Controller:

[Route("api/[controller]")]
[ApiController]
public class AuthController : Controller
{
    [AllowAnonymous]
    [HttpGet("[action]")]
    public User GetUserName()
    {
        WindowsIdentity currentUser = WindowsIdentity.GetCurrent();
        string domainContextName = "";
        try
        {
            DomainContext domainContext = AppHelper.CurrentDomainContext;
            domainContextName = domainContext.UserId;
        }
        catch(Exception ex)
        {
            domainContextName = ex.Message;
        }

        User user = new User()
        {
            WindowsIdentityGetCurrent = currentUser.Name,
            HttpContextUserIdentityName = HttpContext.User.Identity.Name,
            DomainContextName = domainContextName
        };

        return user;
    }
}
Improve this question

1 Answer 1

Reset to default
1

I worked out the issue on my end.

Turned out I had an Http Interceptor that was injecting a jwt token into my relative api controllers for GetAuth and GetConfiguration. I had to add a condition so that the jwt authroization header was NOT added to those two http calls. Once I did that the controllers stopped throwing 401 and windows authentication started working again.

This helped: ASP.Net Core 2.0 mixed authentication of JWT and Windows Authentication doesn't accept credentials

Here is the relevant bits in my HttpAuthInterceptor:

setHttpRequestHeaders(req: HttpRequest<any>, token: string): HttpRequest<any>
{
if (!req.headers.has('Authorization') && token)
{
  let jwt: string = 'Bearer ' + token;

  req = req.clone({ headers: req.headers.set('Authorization', jwt) });
}

// setting the accept header
req = req.clone({ headers: req.headers.set('Accept', 'application/json') });

return req;
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.