Mixing IntegratedWindowsAuthentication and Anonymous with Katana selfhost

Question

I have a basic web API app that tries to support IntegratedWindowsAuthentication & Anonymous. Sample code is below,

using (WebApp.Start("http://localhost:8080/", (app) =>
{
    HttpConfiguration config = new HttpConfiguration();
    config.MapHttpAttributeRoutes();
    config.EnsureInitialized();

    HttpListener listener = (HttpListener)app.Properties["System.Net.HttpListener"];
    listener.AuthenticationSchemes = AuthenticationSchemes.IntegratedWindowsAuthentication | AuthenticationSchemes.Anonymous;

    app.UseWebApi(config);
}))       



public class TestController : ApiController
{
    [Authorize]
    [Route("Secret")]
    public int Get()
    {
        return 42;
    }

    [Route("Public")]
    public int GetNoSecurity()
    {
        return 42;
    }
}

Expectation is that ~/Secret requires credentials and ~/Public doesn’t.

Things work fine with Fiddler but not with a browser. Hitting ~/Secret from chrome/IE doesn’t popup the credentials message box.

What does the www-authenticate header come back as in fiddler? — Tratcher, Jul 30 '14 at 20:48
IntegratedWindowsAuthentication isn't intended to pop up a dialog, it uses the domain credentials of the current user. This should work in IE, but I don't think it works in Chrome. The client computer must also be on the same domain as the webserver. — Tratcher, Sep 23 '14 at 15:58

Mixing IntegratedWindowsAuthentication and Anonymous with Katana selfhost

0 Answers0