问题
I noticed that when publishing my new Aspnet Core 1.1 (just updated to VS 2017) project it is always missing the forwardWindowsAuthToken="true" from the web.config.
More info and the fix I found was here:
https://developercommunity.visualstudio.com/content/problem/26751/publish-aspnet-core-to-iis-with-windows-authentica.html
I also tried adding:
services.Configure<IISOptions>(options => { options.ForwardWindowsAuthentication = true; });
to my ConfigureServices method but it didn't help.
So my question is, is there a way to get this to work properly? Some command line argument or other way to automate it other than having to manually edit the web.config after it has been deployed?
I don't think it matters, but this is a asp.net core 1.1 targeting 4.6.2 not core.
Edit: To clarify, adding the forwardWindowsAuthToken="true" works, the issue is its not automatically added like it is in our core 1.0 based projects. I'm wondering if there is a way to have that easily automated on generation of the web.config.
回答1:
So, I'm using IIS/Kestrel on .NET Core 1.1 compiled against full framework 4.6.2 and Windows authentication without issue. First thing, I have in my project a web.config with my config that gets published with my application, so I don't have to overwrite it everytime, it is part of my project and contains quite a lot of customization useful to me, unless I missunderstood you could use that as well. Then, in my case, forwardWindowsAuthToken="true" is good enough to be able to retrieve the windows authentication with a piece of code like that HttpContext.User.Identities.FirstOrDefault(id => id.GetType() == typeof(WindowsIdentity));
I think you are missing settings on the IIS level, forwardWindowsAuthToken is not enough, you also have to tell IIS that this particular web application is using windows authentication. To do so, I configure the "authentication" part of the web app, enable windows authentication, and pick the proper provider (negotiate in my case). If you just let the anonymous authentication enabled, then IIS won't ask to the client the identity of the user (using authentication protocol like negotiate and kerberos ticket) and won't transmit it to your .NET Core application.
来源:https://stackoverflow.com/questions/44057005/aspnet-core-1-1-missing-windows-authentication-when-published