
.net core and kestrel - best practices for using IIS as an intermediary for Windows Authentication?

R. StackUser Published in 2017-09-13 20:30:53Z

I'm interested in porting my .NET MVC app to .NET Core MVC and using Kestrel as my web server.

I know that Kestrel itself doesn't support Windows Authentication; can anyone suggest ideas on using IIS as an intermediary for WA?

For example, a user hits a page on the IIS server to check credentials -> page sends an AES-encrypted key with specific user/domain info to my Kestrel server page to verify identity. Maybe fetching this information through an AJAX call would work too.

Does this example seem reasonable from a performance/security point?

R. StackUser Reply to 2017-09-16 01:03:31Z

I decided to go ahead and build this by:

1) Building a .NET Core app on IIS with Windows Authentication enabled,

2) Passing an AES-encrypted string with the user information + other information via URL to my Kestrel server Core apps,

3) Core Apps decrypt the key, check if it is still valid and the user info is valid.

4) Pass the encrypted string to a tempdata cookie and reload the url without the string so the user does not see any of the URL garbage.

This seems to work well, and the user doesn't see any indication via URL of any kind of authentication string, so I am now able to use any number of Kestrel servers independent of IIS, only using IIS for the Windows Authentication where needed.

R. StackUser Reply to 2017-09-19 19:59:44Z

A simpler alternative (albeit after much research to find pertinent information for ASP.NET Core 2.0 specifically) is to use the built-in HttpSys method of Core 2.0 (as WebListener is now deprecated) along with Microsoft.AspNet.Identity.Core.

