13

I have a self-hosted SignalR application using OWIN. I would like to add Windows Authentication to the incoming requests. Is this possible?

I believe that I can add e.g. Forms Authentication via something like this.

However I can't find any way to use Windows Authentication to do something similar.

My fallback plan would be to host in IIS instead, but I would prefer to be able to keep my app as a Windows Service if I can.

Mark
  • 6,762
  • 1
  • 33
  • 50
Matthew Richards
  • 295
  • 3
  • 9

2 Answers2

25

Ideally there'd be an NTLM owin middlware but since there is none you can work around it by getting a handle on the HttpListener and enabling auth that way (it's natively supported by HttpListener):

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        var listener = (HttpListener)app.Properties[typeof(HttpListener).FullName];
        listener.AuthenticationSchemes = AuthenticationSchemes.Ntlm;

        app.MapHubs();
    }
}
davidfowl
  • 37,120
  • 7
  • 93
  • 103
  • Thanks! This looks like it is doing the trick. I'm now getting a further problem that with NTLM auth enabled I get an `Access-Control-Allow-Origin` error. This looks like it's probably fixed [here](https://github.com/SignalR/SignalR/issues/1735) so I'll need to try getting the latest SignalR build when I have a moment to test it out. – Matthew Richards Jul 04 '13 at 08:53
  • I'm assuming you enable cross domain. Read this http://www.asp.net/signalr/overview/hubs-api/hubs-api-guide-javascript-client#crossdomain – davidfowl Jul 04 '13 at 16:17
  • Yes, I think I've got it all right - certainly it works if I comment out the `AuthenticationSchemes` line. I've raised a [separate question](http://stackoverflow.com/questions/17485046/signalr-cross-domain-connections-with-self-hosting-and-authentication) as it feels like this is a separate issue. – Matthew Richards Jul 05 '13 at 09:05
3

I was facing the same problem as you, and decided to implement a NTLM / Windows Authentication middleware;

You can find it on Nuget:

Install-Package Pysco68.Owin.Authentication.Ntlm

Sources and more detailed information on how-to use it are awailable here: https://github.com/pysco68/Pysco68.Owin.Authentication.Ntlm

The minimal usage example might look like:

public void Configuration(IAppBuilder app)
{
    // use default sign in with application cookies
    app.SetDefaultSignInAsAuthenticationType(
         DefaultAuthenticationTypes.ApplicationCookie);

    app.UseCookieAuthentication(new CookieAuthenticationOptions()
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie                
    });

    // Enable NTLM authentication
    app.UseNtlmAuthentication();

    // .....
}

Please note that for performance reasons I decided to stick with Cookie authentication in the end and to use NTLM just for the initial authentication round-trip (because of the high number of requests).

pysco68
  • 1,136
  • 9
  • 15