ASP.NET Web API Self-Host with Windows Authentication

Question

I am trying to use the ASP.NET Web API Self-Host option with Windows authentication so I can determine the logged on user and ultimately accept or reject the user based on their

Answer 1

I've hit this issue as well and the only solution I've came up with is to deliver dedicated HttpSelfHostedConfiguration:

public class NtlmSelfHostConfiguration : HttpSelfHostConfiguration
{
    public NtlmSelfHostConfiguration(string baseAddress)
        : base(baseAddress)
    { }

    public NtlmSelfHostConfiguration(Uri baseAddress)
        : base(baseAddress)
    { }

    protected override BindingParameterCollection OnConfigureBinding(HttpBinding httpBinding)
    {
        httpBinding.Security.Mode = HttpBindingSecurityMode.TransportCredentialOnly;
        httpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;
        return base.OnConfigureBinding(httpBinding);
    }
}

To use it you just need to change one line (you don't need to set UseWindowsAuthentication anymore):

var config = new NtlmSelfHostConfiguration("http://myComputerName:8080");

The only issue with this approach is that authentication is now required for every request made to server which is using this configuration.