Open Closed

Windows AND anonymous authentication #6236


0
peabaw created

Hello there

I have some problems getting Windows AND anonymous authentication to work. The login process is supposed to be like this:

  1. The user go to the angular site login. It should start an automatic AD/LDAP login process (as described at https://support.aspnetzero.com/QA/Questions/5370).
  2. If successful AD login, the user gets in.
  3. If unsuccessful, the user should return to the login page and be able to login using username and password as normal.

I have gotten some of this to work but when both Anonymous and Windows autentication is active in IIS, the User.Identity.IsAuthenticated is always false making LDAP login always unsuccessful.

I have changed the API web.config attribute forwardWindowsAuthToken="true".

I'm quite new to both IIS with .Net Core and especially Angluar, so any tips would be greatly appreciated!

Best regards // Andreas


6 Answer(s)
  • 0
    peabaw created

    I tried and added [Authorized] before the Authenticate method:

    [Authorize] public async Task

    I now get a populated User.Identity, but it now however fails with "Authorization.Users.UserManager - Invalid password for user X." so I guess something else has gone wrong now.

    Am I doing it the right way or should I completely change approach?

  • 0
    ismcagdas created

    Hi @peabaw

    Sorry for our late response. Have you found a way to do this ?

  • 0
    peabaw created

    Hi @ismcagdas

    Unfortunately no. I think the AlwaysTrueExternalAuthSource method will not work on a site with both Windows Auth and Anonymous access. I think it will only work on a site with only Windows Auth. In the db the source is AlwaysTrueExternalAuthSource instead of LDAP which might cause the password error as well.

    What I want to do seems to be a special case (thought it would be a common scenario for an entreprise solution to allow local user access and forms login for external users but I seem to be wrong).

    I do not have a good lead going forward or any reserve backup plan though. Any tips would therefore be very appreciated!

  • 0
    ismcagdas created

    @peabaw

    We might offer you a solution for MVC but we don't have a suggestion for implementing such an hybrid approach for Angular app.

    I think it will be better to search it on the web.

  • 0
    peabaw created

    @ismcagdas

    Thank you for all help. Might I just bother you to explain why it might be possible with MVC but not possible with Angular? It might help give me a clue.

  • 0
    alper created

    https://spikesapps.wordpress.com/2016/09/08/how-to-implement-windows-authentication-in-an-angularjs-application-with-a-stand-alone-web-api/

    https://stackoverflow.com/a/46442707/1767482

    https://www.c-sharpcorner.com/article/enable-windows-authentication-in-web-api-and-angular-app/