ASP.Net Core 2: Quick and Dirty Windows Authentication

410329-636167162756711825-16x9.jpgHere’s the bare minimum you need to add to your ASP.Net Core 2 application to restrict it to certain Windows Active Directory groups.

 

 

 

Step 1: Enable Windows Authentication in the Project Properties:

2018-06-06_14-32-08.png

Step 2: add this to your Web.Config <aspNetCore> node:

 <aspNetCore forwardWindowsAuthToken="true"

Step 3: Enable Windows Authentication in IIS

2018-06-06_14-33-18.png

Step 4: Add Authentication to the ConfigureServices call in your Startup.cs

        public void ConfigureServices(IServiceCollection services)
        {
            // IISDefaults requires the following import:
            // using Microsoft.AspNetCore.Server.IISIntegration;
            services.AddAuthentication(IISDefaults.AuthenticationScheme);
 
            services.Configure<IISOptions>(options => {
                options.AutomaticAuthentication = true;
                options.ForwardClientCertificate = true;
            });

Step 5: Add this to your Configuration call in Startup.cs

app.UseAuthentication();

Step 6: Add [AllowAnonymous] to Controllers which need anonymous access

Step 7: Add [Authorize(Roles…)] to controllers that need to be restricted

namespace App.Web.Areas.Kxg.Controllers
{
 
    [Authorize(Roles = "MyAD\\Developer,MyAD\\IT_Support_Desk_Staff ")]
    [Area("MyArea")]
    public class CustomerSearch : Controller

Bonus!

To get a list of the Groups used in [Authorize], in PowerShell type:

whoami /groups

ps.png

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s