发布时，Aspnet Core 1.1缺少Windows身份验证 [英] Aspnet Core 1.1 Missing Windows Authentication when published

问题描述

我注意到，发布新的Aspnet Core 1.1（仅更新到VS 2017）项目时，它始终会从web.config中丢失 forwardWindowsAuthToken = true 。

更多信息和我发现的解决方法在这里：

I noticed that when publishing my new Aspnet Core 1.1 (just updated to VS 2017) project it is always missing the forwardWindowsAuthToken="true" from the web.config.

More info and the fix I found was here:

https://developercommunity.visualstudio.com/content/problem/26751/publish-aspnet-core-to-iis-with-windows-authentica.html

I also tried adding:

services.Configure<IISOptions>(options => { options.ForwardWindowsAuthentication = true; });

to my ConfigureServices method but it didn't help.

So my question is, is there a way to get this to work properly? Some command line argument or other way to automate it other than having to manually edit the web.config after it has been deployed?

I don't think it matters, but this is a asp.net core 1.1 targeting 4.6.2 not core.

Edit: To clarify, adding the forwardWindowsAuthToken="true" works, the issue is its not automatically added like it is in our core 1.0 based projects. I'm wondering if there is a way to have that easily automated on generation of the web.config.

解决方案

So, I'm using IIS/Kestrel on .NET Core 1.1 compiled against full framework 4.6.2 and Windows authentication without issue. First thing, I have in my project a web.config with my config that gets published with my application, so I don't have to overwrite it everytime, it is part of my project and contains quite a lot of customization useful to me, unless I missunderstood you could use that as well. Then, in my case, forwardWindowsAuthToken="true" is good enough to be able to retrieve the windows authentication with a piece of code like that HttpContext.User.Identities.FirstOrDefault(id => id.GetType() == typeof(WindowsIdentity));

I think you are missing settings on the IIS level, forwardWindowsAuthToken is not enough, you also have to tell IIS that this particular web application is using windows authentication. To do so, I configure the "authentication" part of the web app, enable windows authentication, and pick the proper provider (negotiate in my case). If you just let the anonymous authentication enabled, then IIS won't ask to the client the identity of the user (using authentication protocol like negotiate and kerberos ticket) and won't transmit it to your .NET Core application.

这篇关于发布时，Aspnet Core 1.1缺少Windows身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！