Windows Authentication and Angular 7 application

醉酒当歌 提交于 2020-07-19 11:01:49

问题


I have developed intranet application

Backend: ASP.NET WEB API-2 (All controllers have Authorize attribute), Frontend: Angular 7 (after prod build I moved generated scripts to my backend project):

....
  <app-root> 
      <div id="preloader"></div>
  </app-root>


  <script type="text/javascript" src="~/Scripts/SPA/runtime.26209474bfa8dc87a77c.js"></script>
  <script type="text/javascript" src="~/Scripts/SPA/es2015-polyfills.bda95d5896422d031328.js" nomodule></script>
  <script type="text/javascript" src="~/Scripts/SPA/polyfills.8bbb231b43165d65d357.js"></script>
  <script type="text/javascript" src="~/Scripts/SPA/main.122a2bd84f391ab8df1d.js"></script>
</body>

The problem is am getting prompted to enter my username/password after deployment to server.If user enters credentials it works perfectly, but I want the application to grab logged user automaticaly.

this is my web.config

<authentication mode="Windows" />
   <authorization>
     <deny users="?" />
   </authorization>

this is my interceptor in angular

import { Injectable } from '@angular/core';
import { HttpInterceptor, HttpRequest, HttpHandler, HttpEvent } from '@angular/common/http';
import { Observable } from 'rxjs';

@Injectable()
export class CredentialsInterceptor implements HttpInterceptor {
    intercept(request: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
        request = request.clone({
            withCredentials: true
        });

        return next.handle(request);
    }
}

in Visual Studio 2019 project settings

Anonymous Authentication:Enabled

Windows Authentication:Enabled

Managed Pipeline Mode: Integrated

Global.asax

protected void Application_BeginRequest(Object sender, EventArgs e)
       {
           //Preflight request comes with HttpMethod OPTIONS
           //The following line solves the error message
           //HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "http://localhost:4202");
           HttpContext.Current.Response.AddHeader("Access-Control-Allow-Credentials", "true");
           if (HttpContext.Current.Request.HttpMethod == "OPTIONS")
           {
               HttpContext.Current.Response.AddHeader("Cache-Control", "no-cache");
               HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST");
               HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept, Pragma, Cache-Control, Authorization");
               HttpContext.Current.Response.End();
           }
       }

回答1:


The fact that everything works when you type in your credentials means that this is a client-side problem, not server-side. The browser is not automatically sending your credentials.

Chrome and IE will automatically send the credentials of the currently-logged-on user only if the site is in the list of Trusted Sites in Internet Options.

  1. Open the Start menu.
  2. Type in "Internet Options" and click on it.
  3. Click the 'Security' tab.
  4. Click on the 'Trusted Sites' icon.
  5. Click the 'Sites' button.
  6. Add the domain for your website to the list. You can use wildcards.

This can also be set via group policy, so the setting can be pushed to every computer in your organization. See the answer here.

Firefox uses its own setting: network.negotiate-auth.delegation-uris. I'm sure that could be set via group policy somehow too.




回答2:


You also need to allow SupportsCredentials in cross-origin requests.

Server Side (Web API):

Set the SupportsCredentials property to true on the [EnableCors] attribute:

[EnableCors(origins: "http://exampleclient.com", headers: "*", 
methods: "*", SupportsCredentials = true)]


来源:https://stackoverflow.com/questions/57768965/windows-authentication-and-angular-7-application

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!