I'm trying to mix Windows and Anonymous authentication in a .Net Core 2.0 empty web app. I would like to avoid th
Tratcher's answer saved me after some wasted time on this topic. For a very simple scenario (anonymous controller + Windows authentication restricted in the rest), here is a quick start (middleware):
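
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authentication; // ChallengeAsync extension method
    using Microsoft.AspNetCore.Http;

    public class NtlmAndAnonymousSetupMiddleware
    {
        private readonly RequestDelegate next;

        public NtlmAndAnonymousSetupMiddleware(RequestDelegate next)
        {
            this.next = next;
        }

        public async Task Invoke(HttpContext context)
        {
            // Authenticated users and the anonymous area pass straight through.
            // StartsWithSegments matches whole path segments, case-insensitively,
            // so "/AnonymousX" is not treated as part of "/Anonymous".
            if (context.User.Identity.IsAuthenticated || context.Request.Path.StartsWithSegments("/Anonymous"))
            {
                await next(context);
                return;
            }

            // Everything else gets a Windows challenge so the client retries with credentials.
            await context.ChallengeAsync("Windows");
        }
    }
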
I have just plugged this in at the beginning of Startup.Configure method:

    app.UseMiddleware<NtlmAndAnonymousSetupMiddleware>();

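The path test in this middleware decides which requests skip the Windows challenge, so its matching rules matter. The following is an added example, not part of the original answer: it compares a raw string prefix test with `PathString.StartsWithSegments` on constructed paths. The `AnonymousGate` class and the sample paths are assumptions made for illustration.

```csharp
using System;
using Microsoft.AspNetCore.Http;

// Added illustration: two ways of deciding which request paths skip the
// Windows challenge. AnonymousGate and the sample paths are constructed.
public static class AnonymousGate
{
    private static readonly PathString AnonymousRoot = new PathString("/Anonymous");

    // Raw string prefix test: case-sensitive and unaware of segment
    // boundaries, so any path that merely begins with these characters passes.
    public static bool SkipsChallengeByStringPrefix(PathString path) =>
        path.ToString().StartsWith("/Anonymous", StringComparison.Ordinal);

    // Segment-aware test: case-insensitive by default, and the match must end
    // at the end of the path or at a '/' separator.
    public static bool SkipsChallengeBySegment(PathString path) =>
        path.StartsWithSegments(AnonymousRoot);

    public static void Main()
    {
        // Constructed request paths covering exact match, sub-path,
        // different casing, a look-alike prefix and an unrelated path.
        var samplePaths = new[]
        {
            "/Anonymous",
            "/Anonymous/Index",
            "/anonymous/index",
            "/AnonymousReports/Export",
            "/Reports"
        };

        Console.WriteLine($"{"path",-28}{"string prefix",-16}{"segment match"}");
        foreach (var raw in samplePaths)
        {
            var path = new PathString(raw);
            Console.WriteLine(
                $"{raw,-28}{SkipsChallengeByStringPrefix(path),-16}{SkipsChallengeBySegment(path)}");
        }
    }
}
```

The two predicates disagree on the differently cased path and on the look-alike prefix, which are the cases to cover in tests for any path-based exemption from authentication.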
Anonymous takes precedence. You need to call httpContext.ChallengeAsync() when you get an anonymous request to a restricted part of your app. That will cause the client to send credentials on the next request. Here's a test that does this.