ASP.Net Core 2: Quick and Dirty Windows Authentication

Here’s the bare minimum you need to add to your ASP.Net Core 2 application to restrict it to certain Windows Active Directory groups.




Step 1: Enable Windows Authentication in the Project Properties:


Step 2: Add this attribute to the <aspNetCore> node in your Web.Config:

 <aspNetCore forwardWindowsAuthToken="true"

Step 3: Enable Windows Authentication in IIS


Step 4: Add Authentication to the ConfigureServices call in your Startup.cs

        public void ConfigureServices(IServiceCollection services)
        {
            // IISDefaults requires the following import:
            // using Microsoft.AspNetCore.Server.IISIntegration;
            services.AddAuthentication(IISDefaults.AuthenticationScheme);
            services.Configure<IISOptions>(options => {
                options.AutomaticAuthentication = true;
                options.ForwardClientCertificate = true;
            });
        }

Step 5: Add this to your Configuration call in Startup.cs


Step 6: Add [AllowAnonymous] to Controllers which need anonymous access

Step 7: Add [Authorize(Roles…)] to controllers that need to be restricted

namespace App.Web.Areas.Kxg.Controllers
{
    // Membership in any one of the comma-separated groups grants access.
    [Authorize(Roles = "MyAD\\Developer,MyAD\\IT_Support_Desk_Staff")]
    public class CustomerSearch : Controller { /* actions */ }
}


To get a list of the Groups used in [Authorize], in PowerShell type:

whoami /groups
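
Steps 4 to 7 combined into one Startup.cs with a deny-by-default twist, as an added example rather than the post's own code: a global filter requires one of the step 7 groups on every action, so a controller that is missing its [Authorize] attribute is still protected. It assumes ASP.NET Core 2.x MVC hosted behind IIS; the global filter, HealthController and the extra Developer-only restriction are assumptions, and the group names are the ones from step 7.

```csharp
// Added example, not the post's code. HealthController is hypothetical.
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.AspNetCore.Server.IISIntegration;
using Microsoft.Extensions.DependencyInjection;

namespace App.Web
{
    public class Startup
    {
        public void ConfigureServices(IServiceCollection services)
        {
            // Step 4: use the Windows identity forwarded by IIS.
            services.AddAuthentication(IISDefaults.AuthenticationScheme);

            // Deny by default: every MVC action requires an authenticated
            // member of at least one of these groups (names from step 7).
            var staffOnly = new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .RequireRole("MyAD\\Developer", "MyAD\\IT_Support_Desk_Staff")
                .Build();
            services.AddMvc(options => options.Filters.Add(new AuthorizeFilter(staffOnly)));
        }

        public void Configure(IApplicationBuilder app)
        {
            // Authentication middleware goes before MVC in the pipeline.
            app.UseAuthentication();
            app.UseMvcWithDefaultRoute();
        }
    }

    // Step 6: [AllowAnonymous] opts this controller out of the global filter.
    [AllowAnonymous]
    public class HealthController : Controller
    {
        public IActionResult Index() => Ok("up");
    }

    // Step 7, tightened: this attribute is checked in addition to the global
    // policy, so only members of MyAD\Developer reach these actions.
    [Authorize(Roles = "MyAD\\Developer")]
    public class CustomerSearchController : Controller
    {
        public IActionResult Index() => Ok(User.Identity.Name);
    }
}
```

With this layout, anonymous access is an explicit opt-in per controller, which makes the list of unauthenticated endpoints easy to audit by searching for [AllowAnonymous].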

