We would like to use Kestrel to host our web-api. We must support both NTLM and Negotiate authentication.
That should be possible with Core 3.0: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?view=aspnetcore-3.0&tabs=visual-studio
However, when Kestrel responds to a challenge, only the Negotiate scheme is returned. Has anyone managed to implement NTLM authentication with Kestrel?
The application runs on a Windows 10 machine.
Basically we have followed the recommendations. First added Authentication to services:

    services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate();

and then added authentication to the pipeline:

    app.UseAuthentication();

Also in the pipeline we have our own middleware to ensure user has been validated:

    app.UseMiddleware<ValidateAuthentication>();

Implementation looks like this:
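
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authentication; // ChallengeAsync extension
    using Microsoft.AspNetCore.Http;

    internal class ValidateAuthentication : IMiddleware
    {
        public async Task InvokeAsync(HttpContext context, RequestDelegate next)
        {
            // Pass authenticated requests on; challenge everything else
            // with the default authentication scheme.
            if (context.User.Identity.IsAuthenticated)
                await next(context);
            else
                await context.ChallengeAsync();
        }
    }
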
Problem is that the challenge response only has Negotiate:

    WWW-Authenticate Negotiate

I would have expected both NTLM and Negotiate:

    WWW-Authenticate NTLM, Negotiate

For .NET 6:

    builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate();

    // Authentication middleware must run before authorization so the
    // Negotiate handler can process the handshake.
    app.UseAuthentication();
    app.UseAuthorization();
    app.MapControllers().RequireAuthorization();

Or instead of requiring auth for all controllers you can add the [Authorize] annotation to your Controller classes.
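
An added example, not part of the question or the answer above: a complete .NET 6 Program.cs that replaces the custom ValidateAuthentication middleware with a fallback authorization policy, so every endpoint without its own authorization metadata triggers the Negotiate challenge. The /whoami route is hypothetical, and the AuthenticationType strings it reports are an assumption to verify in your own environment.

```csharp
// Program.cs (.NET 6 minimal hosting). Added example, not code from the thread.
// Requires the Microsoft.AspNetCore.Authentication.Negotiate package.
using Microsoft.AspNetCore.Authentication.Negotiate;
using Microsoft.AspNetCore.Authorization;

var builder = WebApplication.CreateBuilder(args);

// Register the Negotiate handler as the default scheme. Kerberos or NTLM is
// selected inside the Negotiate (SPNEGO) exchange, so the challenge header
// advertises only "Negotiate".
builder.Services
    .AddAuthentication(NegotiateDefaults.AuthenticationScheme)
    .AddNegotiate();

builder.Services.AddAuthorization(options =>
{
    // Applies to every endpoint that carries no authorization metadata:
    // anonymous callers are challenged instead of reaching the handler.
    // This takes the place of a hand-written "is authenticated" middleware.
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
});

builder.Services.AddControllers();

var app = builder.Build();

// Order matters: authentication populates HttpContext.User,
// authorization then evaluates the policy against it.
app.UseAuthentication();
app.UseAuthorization();

// Hypothetical diagnostic endpoint: returns the authenticated account and the
// authentication type recorded on the identity. On Windows this is expected to
// name the negotiated package (for example Kerberos or NTLM); treat the exact
// string as an assumption.
app.MapGet("/whoami", (HttpContext ctx) => Results.Ok(new
{
    name = ctx.User.Identity?.Name,
    authenticationType = ctx.User.Identity?.AuthenticationType
}));

app.MapControllers();
app.Run();
```

Logging the reported authentication type per request gives a simple way to see which clients end up on NTLM rather than Kerberos.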