identity server 4 windows authentication

问题

I have followed a combination of these three resources for getting started with Identity Server 4.

1. IdentityServer4.Quickstart.UI
2. 4_ImplicitFlowAuthenticationWithExternal
3. Combined_AspNetIdentity_and_EntityFrameworkStorage

The combination of the three were used in order to store users within the the database even from external providers. Also store Identity Server 4 configurations such as claims, roles, clients, and resources. My main issue right now is when running in IIS Express windows authentication works as expected. Once I publish to a full IIS server on my local machine I get a repeated popup to login when I hit the Windows external login page. I do not get that popup when running Identity Server 4 within IIS Express. In IIS Express, I am able to click the windows external authentication button. It routes through the app properly and successfully completes the login.

Any and all help is highly appreciated. I tried to include as many reproduction steps as possible so let me know if there is anything not clear.

Repeating Login Popup:

IIS is setup with Windows Auth and Anonymous Auth enabled.

Setup.CS (ConfigureServices method)

public void ConfigureServices(IServiceCollection services) {
        // Windows authentication is supported only by hosting Kestrel (Asp.net Core Web Server inside iis as a reverse proxy)
        // It is different than other Authentication methods because you don't Add the Authentication middleware like above.
        services.Configure<IISOptions>(options => {
            options.AuthenticationDisplayName = "Windows";
            options.AutomaticAuthentication = true;
        });

        services.AddMvc();

Program.cs

public static IWebHost BuildWebHost(string[] args) =>
        WebHost.CreateDefaultBuilder(args)
            .UseKestrel()
            .UseContentRoot(Directory.GetCurrentDirectory())
            .UseIISIntegration()
            .UseStartup<Startup>()
            .Build();

回答1:

Given your code works in express but not full, IIS is probably having a permission problem verifying the windows creds you are entering. Make sure your app pool account has access to validate creds in your domain.

回答2:

I luckily answered this myself. This in fact was not a software developer issue but was an environment configuration issue. Local loopback check since the app was deployed locally was causing the issue. https://support.microsoft.com/en-us/help/896861/you-receive-error-401-1-when-you-browse-a-web-site-that-uses-integrate

来源：https://stackoverflow.com/questions/50255110/identity-server-4-windows-authentication