Open Closed

Windows AND anonymous authentication #6236


0
peabaw created

Hello there

I have some problems getting Windows AND anonymous authentication to work. The login process is supposed to be like this:

  1. The user go to the angular site login. It should start an automatic AD/LDAP login process (as described at https://support.aspnetzero.com/QA/Questions/5370).
  2. If successful AD login, the user gets in.
  3. If unsuccessful, the user should return to the login page and be able to login using username and password as normal.

I have gotten some of this to work but when both Anonymous and Windows autentication is active in IIS, the User.Identity.IsAuthenticated is always false making LDAP login always unsuccessful.

I have changed the API web.config attribute forwardWindowsAuthToken="true".

I'm quite new to both IIS with .Net Core and especially Angluar, so any tips would be greatly appreciated!

Best regards // Andreas


8 Answer(s)
  • 0
    peabaw created

    I tried and added [Authorized] before the Authenticate method:

    [Authorize] public async Task

    I now get a populated User.Identity, but it now however fails with "Authorization.Users.UserManager - Invalid password for user X." so I guess something else has gone wrong now.

    Am I doing it the right way or should I completely change approach?

  • 0
    ismcagdas created

    Hi @peabaw

    Sorry for our late response. Have you found a way to do this ?

  • 0
    peabaw created

    Hi @ismcagdas

    Unfortunately no. I think the AlwaysTrueExternalAuthSource method will not work on a site with both Windows Auth and Anonymous access. I think it will only work on a site with only Windows Auth. In the db the source is AlwaysTrueExternalAuthSource instead of LDAP which might cause the password error as well.

    What I want to do seems to be a special case (thought it would be a common scenario for an entreprise solution to allow local user access and forms login for external users but I seem to be wrong).

    I do not have a good lead going forward or any reserve backup plan though. Any tips would therefore be very appreciated!

  • 0
    ismcagdas created

    @peabaw

    We might offer you a solution for MVC but we don't have a suggestion for implementing such an hybrid approach for Angular app.

    I think it will be better to search it on the web.

  • 0
    peabaw created

    @ismcagdas

    Thank you for all help. Might I just bother you to explain why it might be possible with MVC but not possible with Angular? It might help give me a clue.

  • 0
    alper created

    https://spikesapps.wordpress.com/2016/09/08/how-to-implement-windows-authentication-in-an-angularjs-application-with-a-stand-alone-web-api/

    https://stackoverflow.com/a/46442707/1767482

    https://www.c-sharpcorner.com/article/enable-windows-authentication-in-web-api-and-angular-app/

  • 0
    peabaw created

    @alper

    I think all of those links concerns Windows authentication only unfortunately. I have yet to find a guide for BOTH Windows and Anonymous authentication, especially with Angular och WebApi.

    My conclusion is that this might actually not be possible to do. Any ideas to "a workaraound"? Two sites, one each for every login? Some sort of external login solution who does the dual-authentication (i.e. first Windows, then forms login)?

  • 0
    alper created

    both Windows and Anonymous authentication is not possible. You need another website for anonymous authentication then use Identity Server to authenticate from the second website which is Windows authentication.