I have read the article in this link and it describes the exact scenario I am trying to achieve.
I am trying to achieve ADFS Impersonation as described below:
The ADFS settings have been applied, how do I enable an ASP Core API to accept the credentials? My ASP Core API is already Windows Auth (Negotiate) enabled. Extension snippet below:
    using Microsoft.AspNetCore.Authentication.Negotiate;
    using Microsoft.Extensions.DependencyInjection;
    using Microsoft.Extensions.DependencyInjection.Extensions; // for services.Replace

    /// <summary>
    /// https://docs.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?view=aspnetcore-6.0&tabs=visual-studio
    /// Install-Package Microsoft.AspNetCore.Authentication.Negotiate
    /// </summary>
    /// <param name="services"></param>
    public static void ConfigureAuthentication(this IServiceCollection services)
    {
        // https://stackoverflow.com/questions/63150369/how-to-config-addauthorization-on-net-core-in-order-to-allow-roles-for-multiple
        services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate();

        // replace the handler (NtlmNegotiateHandler is a custom type not shown here)
        var serviceDescriptor = new ServiceDescriptor(typeof(NegotiateHandler),
                                                      typeof(NtlmNegotiateHandler),
                                                      ServiceLifetime.Transient);
        services.Replace(serviceDescriptor);

        // require an authenticated user on every endpoint that has no explicit policy
        services.AddAuthorization(options =>
        {
            options.FallbackPolicy = options.DefaultPolicy;
        });
    }
The solution in the article is this:
client code
This is my code on the front-end connecting to the back end service.
    using System.Net;
    using System.Net.Http;

    // send the credentials of the identity this process is running as
    HttpClientHandler handler = new HttpClientHandler();
    handler.UseDefaultCredentials = true;
    handler.Credentials = CredentialCache.DefaultCredentials;
    handler.PreAuthenticate = true;
    HttpClient client = new HttpClient(handler);
I'm getting 401 Unauthorized on an API which should allow access.