This repository was archived by the owner on Nov 1, 2018. It is now read-only.

Kerberos Authentication Question #9

Closed
jruckert opened this issue Oct 6, 2015 · 3 comments

jruckert commented Oct 6, 2015

Hi,

A couple of questions:

  1. Will the platform handler be able to support Kerberos Authentication?
  2. Will we be able to configure CORS support (specifically the un-authenticated OPTIONS request, before hitting authentication - as per https://fetch.spec.whatwg.org/#cors-preflight-fetch)?

Cheers,
Jonathan

Member

Tratcher commented Oct 6, 2015

  1. Yes it should, Kerberos is handled by the IIS native auth module. There shouldn't be any significant changes from how it works today with .NET 4.5.
  2. After I implement #1 (Implement a full authentication handler) you'll be able to enable mixed auth (Anonymous & Negotiate/NTLM/Negotiate/Kerberos). This should allow you to process anonymous CORS requests but then require authorization for other endpoints like MVC controllers.

Author

jruckert commented Oct 6, 2015

Thanks @Tratcher for the information.

I am still a little bit confused about how you intend to implement/configure the mixed auth scenario.

Will we have to configure the authentication in both IIS and the middleware?

  1. Configure IIS for both "Windows Auth" + "Anonymous" and,
  2. Configure the middleware early on the piece to allow both "Windows" and "Anonymous".

Will there be a policy builder or something similar, so we can configure a couple of variants up front and then selectively decide based on which environment which policy to apply (similar to how CORS is set up)? I have a specific requirement on deploying the same code base (Web APIs) but with different authentication options.

Member

Tratcher commented Oct 8, 2015

I plan to plug it into the existing authentication framework used in the aspnet/security repo. That framework separates authentication from authorization. This middleware will be responsible for authentication (e.g. getting you a windows identity), but then you'll use the authorization framework (e.g. the [Authorize] attribute and policies) to decide if that user gets access to specific content.
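
The split discussed in this thread (IIS authenticates, the authorization framework decides access, and the CORS preflight is answered anonymously), shown as an added example that is not code from this repository or from either commenter. It is written against the ASP.NET Core 6+ hosting API rather than the 2015 pre-release under discussion, and assumes the IIS site has both Anonymous and Windows Authentication enabled; the origin, group name, policy names and routes are constructed placeholders.

```csharp
// Program.cs -- added example, not the project's own code.
using Microsoft.AspNetCore.Server.IISIntegration;

var builder = WebApplication.CreateBuilder(args);

// Authentication only: IIS performs Negotiate (Kerberos/NTLM) and the
// "Windows" scheme surfaces the resulting identity as HttpContext.User.
builder.Services.AddAuthentication(IISDefaults.AuthenticationScheme);

// CORS policy. AllowCredentials requires explicit origins (no wildcard).
builder.Services.AddCors(options =>
    options.AddPolicy("SpaClient", policy => policy
        .WithOrigins("https://app.example.test")   // constructed origin
        .AllowAnyHeader()
        .AllowAnyMethod()
        .AllowCredentials()));

// Authorization is configured separately and may differ per environment
// while the same code base is deployed everywhere.
builder.Services.AddAuthorization(options =>
    options.AddPolicy("ApiAccess", policy =>
    {
        policy.RequireAuthenticatedUser();
        if (builder.Environment.IsProduction())
        {
            // Constructed Windows group; group membership is checked as a role.
            policy.RequireRole(@"EXAMPLE\ApiUsers");
        }
    }));

var app = builder.Build();

app.UseRouting();
app.UseCors("SpaClient");   // answers the credential-less OPTIONS preflight here
app.UseAuthentication();    // runs only for requests that get past CORS
app.UseAuthorization();

// Explicitly anonymous endpoint.
app.MapGet("/health", () => "ok").AllowAnonymous();

// Protected endpoint: callers without a Windows identity are challenged (401).
app.MapGet("/api/whoami", (HttpContext ctx) => ctx.User.Identity?.Name ?? "")
   .RequireAuthorization("ApiAccess");

app.Run();
```

If Anonymous Authentication is disabled in IIS, the preflight is rejected by IIS before it reaches `UseCors`, so the middleware ordering alone is not sufficient.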

jkotalik pushed a commit that referenced this issue Mar 2, 2018
# This is the 1st commit message:

fix app recycle logic

# The commit message #2 will be skipped:

# adding parallel shutdown logic

# The commit message #3 will be skipped:

# some update

# The commit message #4 will be skipped:

# more change

# The commit message #5 will be skipped:

# close hkey

# The commit message #6 will be skipped:

# update logging

# The commit message #7 will be skipped:

# remove unused code

# The commit message #8 will be skipped:

# format change

# The commit message #9 will be skipped:

# exclude not-subapp case while substring does match
# Please enter the commit message for your changes. Lines starting