0

I created a server-side blazor application with Windows authentication. It works fine and returns the data from the database when running using IIS Express in Visual Studio 2019.

try
{
    var filtered = _context.Trades
        .Where(.....)
        .ToListAsync(cancellationToken)
        .ConfigureAwait(false);
    // ....
}
catch (Exception ex)
{
    // .... will display the exception message
}

Then I changed it to Kestrel. I expected to raise exception because I haven't do anything to make Kestrel to work with Windows authentication.

However, it doesn't raise any exception. The following information can be found in the output window.

Microsoft.AspNetCore.Authorization.DefaultAuthorizationService: Information: Authorization failed.

How to make sure it raises the exception?

BTW, how to make Kestrel works with Windows authentication?

Startup.cs updated for the answer.

using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using BlazorApp1.Data;
using Microsoft.AspNetCore.Authentication.Negotiate;

namespace BlazorApp1
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddRazorPages();
            services.AddServerSideBlazor();
            services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate();

            services.AddSingleton<WeatherForecastService>();
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Error");
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            }
            app.UseAuthentication();
            app.UseAuthorization();

            app.UseHttpsRedirection();
            app.UseStaticFiles();

            app.UseRouting();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapBlazorHub();
                endpoints.MapFallbackToPage("/_Host");
            });
        }
    }
}
ca9163d9
  • 27,283
  • 64
  • 210
  • 413

1 Answers1

0

How to make sure it raises the exception?

If you enabled the windows auth for the IIS, the request will not come to your codes, the IIS will refuse the request, so you will not get any exception message. To check this, you should check the IIS logs.

BTW, how to make Kestrel works with Windows authentication?

According to your description, I guess you just enabled the windows auth for the IIS not the Kestrel. So if you directly run the application form the Kestrel, it will not use windows auth.

To solve this issue, I suggest you could follow below steps to enable the windows auth for your asp.net core application.

1.Install the Microsoft.AspNetCore.Authentication.Negotiate package

  1. Add below codes into the Startup.cs ConfigureServices method

         services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate();

  2. Add below codes into the Startup.cs Configure method

        app.UseAuthentication();
    app.UseAuthorization();

4.Then you could use dotnet run to test your application. You will find the windows auth will be enabled for your application.

If you used the Windows authentication in the Kestrel, you need to force the page to allow only login in user. To achieve this, I suggest you could add the Authorize attribute in the _Host.cshtml.

Details, you could refer to below _Host.cshtml.

@page "/"
@using Microsoft.AspNetCore.Authorization
@attribute [Authorize]
@namespace BlazorWindowsAuth.Pages
@addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>BlazorWindowsAuth</title>
    <base href="~/" />
    <link rel="stylesheet" href="css/bootstrap/bootstrap.min.css" />
    <link href="css/site.css" rel="stylesheet" />
</head>
<body>
    <app>
        @(await Html.RenderComponentAsync<App>(RenderMode.ServerPrerendered))
    </app>

    <script src="_framework/blazor.server.js"></script>
</body>
</html>
Brando Zhang
  • 22,586
  • 6
  • 37
  • 65
  • I created a new Blazor application with Windows authentication, installed the nuget package of `services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate();`, and added the three lines of the code in the `Startup.cs`. However, the word "Hello, Domain\Username" in the `LoginDisplay.razor` is not displayed? – ca9163d9 Nov 29 '19 at 00:19
  • You need also add the Authorize attribute in the _Host.cshtml. Details, you could see my update answer. – Brando Zhang Nov 29 '19 at 01:43
  • I added the attribute `[Authorize]` in the _Host.cshtml, however, the up right corner still doesn't show the Hello message. The last line in the Kestrel output window shows `info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2] Authorization failed.`. – ca9163d9 Nov 29 '19 at 04:02
  • Could you please post the whole Startup.cs file's codes? This error means you don't register the auth for your application. – Brando Zhang Nov 29 '19 at 05:41
  • The full Start.cs file is posted in the question. – ca9163d9 Nov 29 '19 at 06:35
  • Please make sure the `app.UseAuthentication(); app.UseAuthorization();` is behind the `app.UseRouting();` and try again. – Brando Zhang Nov 29 '19 at 06:54
  • I changed it to `app.UseRouting(); app.UseAuthentication(); app.UseAuthorization();`, it still doesn't show the message. – ca9163d9 Nov 29 '19 at 07:05
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/203299/discussion-between-brando-zhang-and-ca9163d9). – Brando Zhang Nov 29 '19 at 07:09