How to correctly implement Windows Authentication with Identity server 4? Are there any samples to do that?
I looked at the source code of IdentityServer 4 and in the H
Like me, you have probably ended up here after having followed all the ASP.NET Identity / IdentityServer 4 quickstarts and tutorials you can find in the hopes of getting your Windows Authentication working but failing with an exception of:
Exception: External authentication error
Host.Quickstart.Account.ExternalController.Callback() in ExternalController.cs, line 89
You then may have discovered that result?.Succeeded is false after the call to HttpContext.AuthenticateAsync(...) in the Callback function and the rest of the result's properties are null
...
The reason for this is due to the fact that the authentication scheme being validated during the callback is IdentityConstants.ExternalScheme
...
However, during the ProcessWindowsLoginAsync function the call to HttpContext.SignInAsync is set up to use the authentication scheme of IdentityServerConstants.ExternalCookieAuthenticationScheme, which doesn't match what the callback is expecting and in turn causes your Windows Authentication attempt to fail.
So all we need to do to resolve this problem is to change the call to HttpContext.SignInAsync to match the scheme expected by the callback:
await HttpContext.SignInAsync(IdentityConstants.ExternalScheme, new ClaimsPrincipal(id), props);
Having done this, your login using Windows Authentication will be successful and your "victory dance" can begin!!!
Without his solution I'd probably still be tearing hair out over this.
Dan also mentions that you should change Properties.Items["scheme"] to "LoginProvider"
...
This is however unnecessary and will cause the FindUserFromExternalProviderAsync function to fail, as it expects the login provider to be supplied in the "scheme" property.
The IdentityServer quickstart source seems to have been updated since Dan posted his answer, so I thought it best to post an update for those of you facing the same issue.
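The scheme mismatch described in the answers above can be reproduced in isolation. The following is an added example, not code from the answers or from the IdentityServer quickstart: a minimal ASP.NET Core app (.NET 6 or later, web SDK with implicit usings) in which the scheme names, routes and user name are constructed stand-ins for the two external cookie schemes.

```csharp
// Program.cs (added example; scheme names, routes and user are constructed)
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;

// Stand-in for the scheme the callback validates (IdentityConstants.ExternalScheme on the page).
const string CallbackScheme = "Demo.Callback";
// Stand-in for the scheme the sign-in used before the fix.
const string OtherScheme = "Demo.Other";

var builder = WebApplication.CreateBuilder(args);

// Each cookie handler gets its own cookie name and data-protection purpose,
// so a ticket issued under one scheme is invisible to the other.
builder.Services.AddAuthentication()
    .AddCookie(CallbackScheme)
    .AddCookie(OtherScheme);

var app = builder.Build();

// /login?scheme=Demo.Other    -> callback fails (the mismatch)
// /login?scheme=Demo.Callback -> callback succeeds (the fix)
app.MapGet("/login", async (HttpContext ctx, string scheme) =>
{
    var id = new ClaimsIdentity("Windows");
    id.AddClaim(new Claim("sub", @"CONTOSO\alice")); // constructed user

    var props = new AuthenticationProperties();
    props.Items["scheme"] = "Windows"; // login provider travels in the "scheme" item

    await ctx.SignInAsync(scheme, new ClaimsPrincipal(id), props);
    return Results.Redirect("/callback");
});

// The callback always authenticates against CallbackScheme.
app.MapGet("/callback", async (HttpContext ctx) =>
{
    var result = await ctx.AuthenticateAsync(CallbackScheme);
    if (result?.Succeeded != true)
        return Results.Text("External authentication error (result.Succeeded is false)");

    var sub = result.Principal!.FindFirst("sub")?.Value;
    var provider = result.Properties!.Items["scheme"];
    return Results.Text($"signed in as {sub} via {provider}");
});

app.Run();
```

When the sign-in and the callback use different schemes, the callback finds no ticket, so Succeeded is false and Principal and Properties are null, which is the symptom reported above.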