Securing the Service Fabric Stateless WebAPI Endpoint with Windows Authentication

Question

I'm planning to use Service Fabric as a cache tool for my web applications.

Within Service Fabric, I have:

• A stateful application to store my cache objects
• A stateless WebAPI application to act as an endpoint for other applications to talk to the stateful application. The WebAPI uses OWIN self-host. (see screenshot)

Both are in the same cluster. The stateless WebAPI will act as an endpoint for exposure. The idea is for my external applications to hit the API to GET/POST/DELETE cache onto the stateful application.

I'm trying to secure the WebAPI using Windows Authentication (see screenshot) so only users on my domain can call the API. Is this feature even possible within Service Fabric because I'm not using IIS? Should I include something else in the App.config?

<system.web>
<membership defaultProvider="ClientAuthenticationMembershipProvider">
  <providers>
    <add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientWindowsAuthenticationMembershipProvider, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" connectionStringName="DefaultConnection" credentialsProvider="" />
  </providers>
</membership>
<roleManager defaultProvider="ClientRoleProvider" enabled="true">
  <providers>
    <add name="ClientRoleProvider" type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" cacheTimeout="86400" connectionStringName="DefaultConnection" />
  </providers>
</roleManager>

Answer 1

You can configure windows authentication in OWIN. Read this.