Base solution for your next web application
Open Closed

Windows AND anonymous authentication #6236


User avatar
0
peabaw created

Hello there

I have some problems getting Windows AND anonymous authentication to work. The login process is supposed to be like this:

  1. The user go to the angular site login. It should start an automatic AD/LDAP login process (as described at https://support.aspnetzero.com/QA/Questions/5370).
  2. If successful AD login, the user gets in.
  3. If unsuccessful, the user should return to the login page and be able to login using username and password as normal.

I have gotten some of this to work but when both Anonymous and Windows autentication is active in IIS, the User.Identity.IsAuthenticated is always false making LDAP login always unsuccessful.

I have changed the API web.config attribute forwardWindowsAuthToken="true".

I'm quite new to both IIS with .Net Core and especially Angluar, so any tips would be greatly appreciated!

Best regards // Andreas


8 Answer(s)
  • User Avatar
    0
    peabaw created

    I tried and added [Authorized] before the Authenticate method:

    [Authorize] public async Task<AuthenticateResultModel> Authenticate([FromBody] AuthenticateModel model)

    I now get a populated User.Identity, but it now however fails with "Authorization.Users.UserManager - Invalid password for user X." so I guess something else has gone wrong now.

    Am I doing it the right way or should I completely change approach?

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @peabaw

    Sorry for our late response. Have you found a way to do this ?

  • User Avatar
    0
    peabaw created

    Hi @ismcagdas

    Unfortunately no. I think the AlwaysTrueExternalAuthSource method will not work on a site with both Windows Auth and Anonymous access. I think it will only work on a site with only Windows Auth. In the db the source is AlwaysTrueExternalAuthSource instead of LDAP which might cause the password error as well.

    What I want to do seems to be a special case (thought it would be a common scenario for an entreprise solution to allow local user access and forms login for external users but I seem to be wrong).

    I do not have a good lead going forward or any reserve backup plan though. Any tips would therefore be very appreciated!

  • User Avatar
    0
    ismcagdas created
    Support Team

    @peabaw

    We might offer you a solution for MVC but we don't have a suggestion for implementing such an hybrid approach for Angular app.

    I think it will be better to search it on the web.

  • User Avatar
    0
    peabaw created

    @ismcagdas

    Thank you for all help. Might I just bother you to explain why it might be possible with MVC but not possible with Angular? It might help give me a clue.

  • User Avatar
    0
    alper created
    Support Team

    https://spikesapps.wordpress.com/2016/09/08/how-to-implement-windows-authentication-in-an-angularjs-application-with-a-stand-alone-web-api/

    https://stackoverflow.com/a/46442707/1767482

    https://www.c-sharpcorner.com/article/enable-windows-authentication-in-web-api-and-angular-app/

  • User Avatar
    0
    peabaw created

    @alper

    I think all of those links concerns Windows authentication only unfortunately. I have yet to find a guide for BOTH Windows and Anonymous authentication, especially with Angular och WebApi.

    My conclusion is that this might actually not be possible to do. Any ideas to "a workaraound"? Two sites, one each for every login? Some sort of external login solution who does the dual-authentication (i.e. first Windows, then forms login)?

  • User Avatar
    0
    alper created
    Support Team

    both Windows and Anonymous authentication is not possible. You need another website for anonymous authentication then use Identity Server to authenticate from the second website which is Windows authentication.