Search code examples
c#blazorwindows-authentication

Blazor App Server Windows authentication not working after publish

I wanted to create a test application that simply does automatically authorize the user with Windows authentication. Purpose was to test and figure out how basic Windows authentication works, and what I can do with it.

The authentication works when I start the application in Visual Studio 2019. But when I publish the application, and start it locally it does not work anymore. I dont get authenticated anymore.

I created a new Blazor App, Server Side with Authentication method Windows Authentication and overwrote the FetchData.razor page with the following code. I copied this from Microsoft Docs

@page "/fetchData"
@using System.Security.Claims
@using Microsoft.AspNetCore.Components.Authorization
@inject AuthenticationStateProvider AuthenticationStateProvider

<h3>ClaimsPrincipal Data</h3>

<button @onclick="GetClaimsPrincipalData">Get ClaimsPrincipal Data</button>

<p>@_authMessage</p>

@if (_claims.Count() > 0)
{
    <ul>
        @foreach (var claim in _claims)
        {
            <li>@claim.Type: @claim.Value</li>
        }
    </ul>
}

<p>@_surnameMessage</p>

@code {
    private string _authMessage;
    private string _surnameMessage;
    private IEnumerable<Claim> _claims = Enumerable.Empty<Claim>();

    private async Task GetClaimsPrincipalData()
    {
        var authState = await AuthenticationStateProvider.GetAuthenticationStateAsync();
        var user = authState.User;

        if (user.Identity.IsAuthenticated)
        {
            _authMessage = $"{user.Identity.Name} is authenticated.";
            _claims = user.Claims;
            _surnameMessage =
                $"Surname: {user.FindFirst(c => c.Type == ClaimTypes.Surname)?.Value}";
        }
        else
        {
            _authMessage = "The user is NOT authenticated.";
        }
    }
}

When I execute this on Visual Studio 2019 on my local computer it works perfectly fine. I can press the button, I am authenticated and all my claims get listed aswell. Then I clean the solution, build again and then publish it without any errors.

I start up the fully published application on my local computer, press the button and it tells me that I am not authenticated. Which I dont understand because the thing that has changed, is that its a published application.

I checked my launchSettings -> windowsAuthentication is True, anonymousAuthentication is False as it should be.

I didnt find anything online and I hope someone knows what causes the problem

Thanks for any help

Solution

  • When you publish the app to IIS, make sure there's Windows Auth is specified in web.config. For IIS, It would look like:

      <system.webServer>
    <security>
      <authentication>
        <windowsAuthentication enabled="true" />
        <anonymousAuthentication enabled="false" />
      </authentication>
    </security>
  </system.webServer>

    See MS Docs: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?view=aspnetcore-3.1&tabs=visual-studio