30285

Authenticate using Windows Authentication on single action and not whole application

Question:

I would like to authenticate using Windows Integrated Authentication on a <strong>single controller action</strong> instead of the global application. I have read many articles online and StackOverflow, but have not found an answer. <em>Note, I'm developing in Web API 2.0 and not MVC.</em>

That said, typically to enable Windows Authentication on your whole application, you'd do something like <a href="http://www.asp.net/web-api/overview/security/integrated-windows-authentication" rel="nofollow">Web API documentation describes</a>:

<system.web> <authentication mode="Windows" /> </system.web>

Under the covers, I'm not sure what this does exactly, but I have a suspicion I may be able to replicate it on a single controller action by implementing <a href="https://msdn.microsoft.com/en-us/library/system.web.http.filters.iauthenticationfilter.aspx" rel="nofollow">IAuthenticationFilter</a> as <a href="http://www.asp.net/web-api/overview/security/authentication-filters" rel="nofollow">described by Web API documentation</a>. However, I have not found a conclusive article explaining how do to this for Windows Integrated Authentication.

<strong>Example of my goal:</strong>

At the end of the day, I would like my single web API to accept a request from a client configured to use windows authentication in either of the following client scenarios:

<em>C#</em>

var handler = new HttpClientHandler() { UseDefaultCredentials = true }; var client = new HttpClient(handler);

<em>Browser</em>

$.ajax({ url: 'api/testauthentication', type: 'GET', dataType: 'json', xhrFields: { withCredentials: true } })

<strong>Edit #1</strong>

It has come to my attention it's worth noting I would like to accomplish the above programmatically and not through configuration files such as web.config, IIS settings, etc. Also, I'm using <a href="http://www.asp.net/web-api/overview/hosting-aspnet-web-api/use-owin-to-self-host-web-api" rel="nofollow">OWIN to host</a> the application on my servers.

Answer1:

Answer is based on this <a href="https://msdn.microsoft.com/en-us/library/system.net.httplistener.authenticationschemeselectordelegate" rel="nofollow">MSDN article</a>.

Essentially, you can define a custom delegate method which specifies which requests to authenticate using Integrated Windows Authentication.

builder in the following code refers to the IAppBuilder instance used in "Startup" code of OWIN self-hosting. See <a href="http://www.asp.net/web-api/overview/hosting-aspnet-web-api/use-owin-to-self-host-web-api" rel="nofollow">OWIN self-host article</a> for more details on this related topic.

OwinHttpListener httpListener = (OwinHttpListener)builder.Properties[typeof(OwinHttpListener).FullName]; httpListener.Listener.AuthenticationSchemeSelectorDelegate = new AuthenticationSchemeSelector(DetermineAuthenticationScheme);

Then define DetermineAuthenticationScheme delegate method similar to the following:

AuthenticationSchemes DetermineAuthenticationScheme( HttpListenerRequest request ) { if ( request == null ) { throw new ArgumentNullException( "request" ); } if ( request.RawUrl.IndexOf( "v1/foo", StringComparison.OrdinalIgnoreCase ) >= 0 ) { return AuthenticationSchemes.IntegratedWindowsAuthentication; } return AuthenticationSchemes.Anonymous; }

Answer2:

Have you seen the following post? <a href="http://www.scip.be/index.php?Page=ArticlesNET38" rel="nofollow">http://www.scip.be/index.php?Page=ArticlesNET38</a>. It appears to be fairly step by step. You didn't mention if you had deployed this or had this in IIS Express running through visual studio but the one part that stuck out to me was the setting change that was required in the IIS Configuration in “My Documents\IISExpress\config

<windowsAuthentication enabled="true">

Note that it appears this solution only covers the browser based portion of your question. For the non browser based portion, I am assuming that you would have to have the application receive the 401 response.

It looks like there is already a stackoverflow post that covers the HttpClient authentication using local windows credentials

<a href="https://stackoverflow.com/questions/12212116/how-to-get-httpclient-to-pass-credentials-along-with-the-request" rel="nofollow">How to get HttpClient to pass credentials along with the request?</a>

Recommend

  • WSO2 ESB 4.0.3 - Error installing Data Services feature from 4.0.* repositories
  • How to make http call with file in groovy to upload a file and build arguments
  • formediting modals shows at wrong position
  • Converting datatype Char to Nvarchar
  • What is corresponding c++ data type to SQL numeric(18,0) data type?
  • Google OAuth: can't get refresh token with authorization code
  • Sending cookie value via httpget but not getting the desired response
  • what makes a request a new request in asp.net C#
  • Bigquery event streaming and table creation
  • SetWindowsHookEx does not react on media keys
  • IE11 throwing “SCRIPT1014: invalid character” where all other browsers work
  • How to make jdk.nashorn.api.scripting.JSObject visible in plugin [duplicate]
  • pyodbc doesn't report sql server error
  • revitapi ironpython ToRoom returns “indexer # object”
  • Adjust width of select element according to selected option's width
  • System.InvalidCastException: Specified cast is not valid
  • How to convert workspace coordinates to screen coordinates?
  • CakePHP 2.0.4 - findBy magic methods with conditions
  • Hardware Accelerated Image Scaling in windows using C++
  • iOS: Detect app start via notification press
  • How to attach a node.js readable stream to a Sendgrid email?
  • Django rest serializer Breaks when data exists
  • Read a local file using javascript
  • Seeking advice on Jetty HttpClient Hang
  • Apache 2.4 and php-fpm does not trigger apache http basic auth for php pages
  • Hazelcast - OperationTimeoutException
  • RestKit - RKRequestDelegate does not exist
  • Circular dependency while pushing http interceptor
  • Revoking OAuth Access Token Results in 404 Not Found
  • AngularJs get employee from factory
  • How can I get HTML syntax highlighting in my editor for CakePHP?
  • How to set the response of a form post action to a iframe source?
  • How do I configure my settings file to work with unit tests?
  • Change div Background jquery
  • IndexOutOfRangeException on multidimensional array despite using GetLength check
  • sending mail using smtp is too slow
  • Busy indicator not showing up in wpf window [duplicate]
  • Why is Django giving me: 'first_name' is an invalid keyword argument for this function?
  • Binding checkboxes to object values in AngularJs
  • How can I use `wmic` in a Windows PE script?