In my asp net core backend I use Windows Authentication to secure some endpoints. In my Programm.cs I add the Authentication/Authorization like that:
builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate();
builder.Services.AddAuthorization(options =>
{
options.AddPolicy("SoftwarePolicy", policy =>
{
policy.RequireRole(@"Mygroup");
});
});
This works perfectly fine in the browser and it also works when using a private browsing tab (then a window opens and i first have to login to access the endpoint)
Now back to my problem: I want to grant access to my backend for another developer, so I created a dev tunnel
I configured it like that: Tunnel Type: Persistent Access: Public
Now if I want to access the api using the dev tunnel a login window opens,then I login with the same information as I always do, but now it always says Unauthorized or forbidden
The access to endpoints without Authentication works fine.
I tried different Policies e. g. RequireUserName with my username but I still get no access
Intranet penetration tools such as Devtunnel (or Ngrok) do not support windows authentication.
After checking the URL create by DevTunnel (such as https://23***k-7189.euw.devtunnels.ms/) by nslookup command, we will find that the IP 168.63.129.16 is used.
Then the application with Windows authentication enabled will always authenticate with 168.63.129.16 after penetrating the intranet, so it cannot be used.