Setup for IIS WebApi windows authentication #58311
Hello everyone, LE: sorry if I'm posting this question in the wrong category / repository. I have two applications hosted on IIS:
The authentication service on the client blazor is calling the server (only here I can add

```csharp
// Named client whose primary handler sends the current Windows credentials
services.AddHttpClient("WebApiWindows", client => client.BaseAddress = new Uri(config["ApiURL"]))
    .ConfigurePrimaryHttpMessageHandler(handler => new HttpClientHandler { UseDefaultCredentials = true });
```

and in the controller:

```csharp
private readonly HttpClient _windowsClient;

public AuthenticationController(IHttpClientFactory clientFactory)
{
    _windowsClient = clientFactory.CreateClient("WebApiWindows");
}
```

API hosted on IIS has:

The problem is I am getting the blazor app pool identity, instead of the user who accesses the blazor app. I'm not sure exactly how and where to implement Impersonation according to the Microsoft Docs.
Replies: 1 comment
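Never mind. I've managed to make it work by using the provided sample by docs.

I've added this in the Blazor.Server authentication controller:

```csharp
using System.Security.Principal;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Server.IIS;

private readonly HttpClient _windowsClient;

public AuthenticationController(IHttpClientFactory clientFactory)
{
    _windowsClient = clientFactory.CreateClient("WebApiWindows");
}

[HttpGet("authenticate-windows")]
[Authorize(AuthenticationSchemes = IISDefaults.AuthenticationScheme)]
public async Task<IActionResult> AuthenticateWindows()
{
    // Guard against a non-Windows identity instead of dereferencing null below.
    if (User.Identity is not WindowsIdentity user)
    {
        return Unauthorized();
    }

    HttpResponseMessage authResponse = null;

    // Run the outgoing call under the signed-in user's token, so that
    // UseDefaultCredentials sends the user's identity, not the app pool's.
    await WindowsIdentity.RunImpersonatedAsync(user.AccessToken, async () =>
    {
        authResponse = await _windowsClient.GetAsync("security/authenticate-windows");
    });

    if (authResponse.IsSuccessStatusCode)
    {
        return Ok(await authResponse.Content.ReadAsStringAsync());
    }

    return StatusCode((int)authResponse.StatusCode, authResponse.ReasonPhrase);
}
```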
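A diagnostic action for checking which Windows identity an outgoing call would carry, as an added example that is not part of the original discussion or of the Microsoft sample. With `UseDefaultCredentials = true` the handler sends the credentials of the identity the code is currently running as, so comparing `WindowsIdentity.GetCurrent()` outside and inside the impersonated block shows whether the app pool account or the signed-in user is in effect. The controller name and the `diagnostics/whoami` route are hypothetical.

```csharp
using System.Security.Principal;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Server.IIS;

// Hypothetical diagnostic controller (added example, not code from the thread).
[ApiController]
[Route("diagnostics")]
public class IdentityDiagnosticsController : ControllerBase
{
    [HttpGet("whoami")]
    [Authorize(AuthenticationSchemes = IISDefaults.AuthenticationScheme)]
    public IActionResult WhoAmI()
    {
        // Windows authentication must have produced a WindowsIdentity.
        if (User.Identity is not WindowsIdentity user)
        {
            return Unauthorized();
        }

        // Identity the worker process runs as (the app pool account under IIS).
        string processIdentity = CurrentIdentityName();

        // Identity in effect while impersonating the authenticated caller.
        string impersonatedIdentity = WindowsIdentity.RunImpersonated(
            user.AccessToken,
            () => CurrentIdentityName());

        return Ok(new
        {
            AuthenticatedUser = user.Name,
            ProcessIdentity = processIdentity,
            ImpersonatedIdentity = impersonatedIdentity,
            ImpersonationLevel = user.ImpersonationLevel.ToString()
        });
    }

    // Reads the name of the identity the calling code currently runs as.
    private static string CurrentIdentityName()
    {
        using WindowsIdentity current = WindowsIdentity.GetCurrent();
        return current.Name;
    }
}
```

If `ProcessIdentity` and `ImpersonatedIdentity` differ and the second matches `AuthenticatedUser`, calls made inside `RunImpersonatedAsync` go out as the user; calls made outside it go out as the app pool account.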