NTLM authentication on specific route in ASP.NET Core

Question

Trying to implement subject in a test environment.

.UseWebListener(options=>
{
    options.ListenerSettings.Authent         


        

Answer 1

I'm doing something very similar using IIS, not WebListener, but maybe I can tell you a few things that can help.

You have configured WebListener as I did for my IIS to allow anonymous access but also to be able to negotiate authentification, that part should be fine.

But on the "/ntlm" url path, you have installed a CookieAuthentication middleware that will try to find a cookie in the incoming request to authenticate the user, and I don't think that's what you want. On the contrary, on the "/ntlm" path, you want to reuse the identity that would be coming from NTLM or Kerberos packet detected by WebListener. In my case, when properly setup, it's an IIS Middleware that is in charge of setting the identity. I would suggest:

• remove this UseCookieAuthentication when on "ntlm" path
• create a controller and an action with an "[Authorize]" attribute to trigger the authentication
• display the HttpContext.User.Identity.Name;
• hopefully you'll get the Windows user properly authenticated here