5

i migrated my asp.net core mvc webapp from 5 to 6 and after that, windows auth was no more. This problem only occurs when i try to debug my webapp in VS22. When i deploy it to IIS, win auth is working flawlessly. i have tried many suggested solutions to this problems, such as adding

services.AddAuthentication(options => {
                options.DefaultAuthenticateScheme = IISDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = IISDefaults.AuthenticationScheme;
            }).AddNegotiate();

or

services.AddAuthentication(IISDefaults.AuthenticationScheme).AddNegotiate();

or

services.AddAuthorization(options =>
            {
                options.FallbackPolicy = options.DefaultPolicy;
            });

in various positions and orders in my Starup.cs. I have also tried different hosting implementations (Kestrel, IIS). I have also tried HttpSys where it worked but since i cant use it (company env requests IIS) i have to pass it unfortunately. No matter which browser i use (FF, Chrome, IE, Edge) i always get the same 500 internal error response with this exception in the web app:

Exception thrown: 
'System.InvalidOperationException' in System.Private.CoreLib.dll 
("No authenticationScheme was specified, and there was no DefaultChallengeScheme found. 
The default schemes can be set using either AddAuthentication(string defaultScheme)
or AddAuthentication(Action<AuthenticationOptions> configureOptions).")

Startup.cs:

public class Startup {
    private Config cfg;
    public Startup(IConfiguration configuration) {
        Configuration = configuration;
        this.cfg = new Config();
        Configuration.GetSection("appinfo").Bind(this.cfg);
        var client = new LoggingClient(cfg.GetAddressOf("Services.Api.Logging"), cfg.DisplayName.Split('.').Last());
        client.WriteLogAsync("UI starting", LogSeverity.Info);
        ReferenceHelper.TestReferences(cfg);
    }

    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services) {
        services.AddControllersWithViews().AddRazorRuntimeCompilation();
        services.AddLocalization(options => options.ResourcesPath = "Resources");
        services.AddMvc(options => {
            options.EnableEndpointRouting = false;

        }).AddViewLocalization(LanguageViewLocationExpanderFormat.Suffix).AddDataAnnotationsLocalization();

        services.AddOptions();
        services.Configure<Config>(options => Configuration.GetSection("appinfo").Bind(options));
        services.AddSingleton<IConfiguration>(provider => Configuration);
        services.AddDistributedMemoryCache();
        services.AddSession(
            options => {
                options.Cookie.IsEssential = true;
                options.Cookie.SecurePolicy = Microsoft.AspNetCore.Http.CookieSecurePolicy.Always;
                options.Cookie.SameSite = SameSiteMode.Strict;
                options.Cookie.HttpOnly = true;
            });
        //services.AddAuthentication(HttpSysDefaults.AuthenticationScheme);
        //services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate();
        services.AddAuthentication(IISDefaults.AuthenticationScheme).AddNegotiate();
        services.AddScoped<IClaimsTransformation, ClaimsTransformer>();
        services.AddAuthorization();
        services.AddDataProtection()
            .SetApplicationName("InfoServices.Web.Administration")
            .PersistKeysToFileSystem(new System.IO.DirectoryInfo(DefaultPaths.WEB_KEYSTORE))
            .SetDefaultKeyLifetime(TimeSpan.FromDays(90));
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env) {
        app.UseMiddleware<ErrorLoggingMiddleware>(new LoggingClient(cfg.GetAddressOf("InfoServices.Api.Logging"), cfg.DisplayName.Split('.').Last()));
        app.UseForwardedHeaders();

        var supportedCultures = new[] { "en", "de" };
        var localizationOptions = new RequestLocalizationOptions().SetDefaultCulture(supportedCultures[1])
            .AddSupportedCultures(supportedCultures)
            .AddSupportedUICultures(supportedCultures);
        localizationOptions.ApplyCurrentCultureToResponseHeaders = true;


        //if (env.IsDevelopment()) {
        //    //app.UseDeveloperExceptionPage();
        //    app.UseForwardedHeaders();
        //} else {
        //    // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
        //}
        app.UseHsts();
        //app.UseAuthMiddleware();
        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseDefaultFiles();
        app.UseRouting();
        app.UseRequestLocalization(localizationOptions);
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseSession();


        app.UseEndpoints(endpoints => {
            endpoints.MapControllers();
            endpoints.MapControllerRoute(
                name: "default",
                pattern: "{controller=Home}/{action=Overview}/{id?}");
        });
    }
}

Program.cs:

public class Program{
    private static Config cfg;
    public static void Main(string[] args)
    {
        cfg = ConfigJsonHelper.GetConfig();
        CreateHostBuilder(args).Build().Run();
    }


    public static IHostBuilder CreateHostBuilder(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(webBuilder =>
            {
                //webBuilder.UseHttpSys(options =>
                //{
                //    options.Authentication.Schemes = Microsoft.AspNetCore.Server.HttpSys.AuthenticationSchemes.NTLM;
                //    options.Authentication.AllowAnonymous = true;
                //    options.UrlPrefixes.Add("https://" + LocalDataHelper.GetCurrentHostname() + ".domain.at:" + cfg.Port);
                //}).ConfigureAppConfiguration((hostingContext, config) =>
                //{
                //    var env = hostingContext.HostingEnvironment;
                //    //config.Sources.Clear();
                //    config.SetBasePath(env.ContentRootPath);
                //    config.AddJsonFile("appinfo.json", optional: false, reloadOnChange: true);
                //    config.AddEnvironmentVariables();
                //});
                //webBuilder.UseKestrel().ConfigureAppConfiguration((hostingContext, config) =>
                //{
                //    var env = hostingContext.HostingEnvironment;
                //    //config.Sources.Clear();
                //    config.SetBasePath(env.ContentRootPath);
                //    config.AddJsonFile("appinfo.json", optional: false, reloadOnChange: true);
                //    config.AddEnvironmentVariables();

                //}).UseUrls("https://" + LocalDataHelper.GetCurrentHostname() + ".domain.at:" + cfg.Port);
                webBuilder.UseIISIntegration().ConfigureAppConfiguration((hostingContext, config) =>
                {
                    var env = hostingContext.HostingEnvironment;
                    //config.Sources.Clear();
                    config.SetBasePath(env.ContentRootPath);
                    config.AddJsonFile("appinfo.json", optional: false, reloadOnChange: true);
                    config.AddEnvironmentVariables();

                }).UseUrls("https://" + LocalDataHelper.GetCurrentHostname() + ".domain.at:" + cfg.Port);
                webBuilder.UseStartup<Startup>();
            });
}

For nuget pkgs i have:

"Microsoft.AspNetCore.Authentication.Negotiate" Version="6.0.2" 
"jQuery" Version="3.6.0" 
"jquery.TypeScript.DefinitelyTyped" Version="3.1.2" 
"jQuery.Validation" Version="1.19.3" 
"Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="6.0.2" 
"Microsoft.AspNetCore.StaticFiles" Version="2.2.0" 
"Microsoft.Extensions.Configuration.Binder" Version="6.0.0" 
"Microsoft.IdentityModel" Version="7.0.0" 
"Microsoft.jQuery.Unobtrusive.Validation" Version="3.2.12" 
"Newtonsoft.Json" Version="13.0.1" 
"Microsoft.TypeScript.MSBuild" Version="4.5.3"

launchSettings.json:

{
  "iisSettings": {
    "windowsAuthentication": true,
    "anonymousAuthentication": false,
    "iisExpress": {
      "applicationUrl": "http://localhost:60248",
      "sslPort": 6900,
      "windowsAuthentication": true,
      "anonymousAuthentication": false
    }
  },
    "profiles": {

        "Development": {
            "commandName": "Project",
            "environmentVariables": {
                "ASPNETCORE_ENVIRONMENT": "Development"
            }
        }
    }
}
Improve this question
2
  • Did you specify an authentication scheme. stackoverflow.com/questions/68916846/… Commented Mar 2, 2022 at 7:52
  • The web.config part did it, thank you very much. Must have overlooked it Commented Mar 3, 2022 at 7:37

1 Answer 1

Reset to default
3

as suggested out by Chaodeng, i tried the attribute thing as suggestest in the link which did not do it for me. However i looked through the linked post (How to use Windows authentication on ASP.NET Core subpath only?) and i saw the usage of a mini web.config, only containing

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <location path="." inheritInChildApplications="false">
        <system.webServer>
            <security>
                <authentication>
                    <anonymousAuthentication enabled="false" />
                    <windowsAuthentication enabled="true" />
                </authentication>
            </security>
        </system.webServer>
    </location>
</configuration>

which did it for me

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.