C# – Windows and Anonymous Authentication in .Net Core 2.0

asp.netasp.net-coreauthenticationcnet

I'm trying to mix Windows and Anonymous authentication in a .Net Core 2.0 empty web app. I would like to avoid the [Authorize] attribute as I do not want to use Mvc or controllers.

My setup is as follows:

I created an empty .Net Core 2.0 web application
I went to project properties -> Debug -> Checked "Enable Windows Authentication" and disabled "Enable Anonymous Authentication".
Now "windowsAuthentication": true and "anonymousAuthentication": false appeared in my launchSettings.json under "IIS".
Inside Startup.cs, in ConfigureServices I added
services.AddAuthentication(Microsoft.AspNetCore.Server.IISIntegration.IISDefaults.AuthenticationScheme); as mentioned in https://docs.microsoft.com/en-us/aspnet/core/migration/1x-to-2x/identity-2x#windows-authentication-httpsys–iisintegration
I added a simple Console.WriteLine(context.User.Identity.Name); to see that it works inside app.Run and…
It all works!

However… as soon as I set "anonymousAuthentication" to true in launchSettings.json it stops working and I cannot figure out what can I do to make the Windows authentication work alongside with it. Context.User.Identity.IsAuthenticated is always false.
As you can see my configuration is very simple and I need it to stay this way. I want to enable/disable windows authentication on certain dynamic routes, so using controllers with the [Authorize] attribute is not an option.

What I'm trying to achieve is a simple app where the url "/authenticated" would reply with the value of context.User.Identity.Name and the url "/public" would reply with something like say "This is a public page!".
Something similar to NTLM authentication on specific route in ASP.NET Core but without the [Authorize] attribute and controllers.
The resources are very scarce… Anyone have any idea what I could be missing?
Thanks!

Best Answer

Anonymous takes precedence. You need to call httpContext.ChallengeAsync() when you get an anonymous request to a restricted part of your app. That will cause the client to send credentials on the next request. Here's a test that does this.

Related Solutions

.net – Difference between decimal, float and double in .NET

float and double are floating binary point types. In other words, they represent a number like this:

10001.10010110011

The binary number and the location of the binary point are both encoded within the value.

decimal is a floating decimal point type. In other words, they represent a number like this:

12345.65789

Again, the number and the location of the decimal point are both encoded within the value – that's what makes decimal still a floating point type instead of a fixed point type.

The important thing to note is that humans are used to representing non-integers in a decimal form, and expect exact results in decimal representations; not all decimal numbers are exactly representable in binary floating point – 0.1, for example – so if you use a binary floating point value you'll actually get an approximation to 0.1. You'll still get approximations when using a floating decimal point as well – the result of dividing 1 by 3 can't be exactly represented, for example.

As for what to use when:

For values which are "naturally exact decimals" it's good to use decimal. This is usually suitable for any concepts invented by humans: financial values are the most obvious example, but there are others too. Consider the score given to divers or ice skaters, for example.
For values which are more artefacts of nature which can't really be measured exactly anyway, float/double are more appropriate. For example, scientific data would usually be represented in this form. Here, the original values won't be "decimally accurate" to start with, so it's not important for the expected results to maintain the "decimal accuracy". Floating binary point types are much faster to work with than decimals.

Php – Enabling pretty permalinks on WordPress – apache configuration does not work

Make sure the AllowOverrides directive is set to all in the vhost - that's what tells apache to look for .htaccess files in the webroot.

A better solution is actually to put your rewrite directives in the vhost, as you clearly have write access to the file. When you have AllowOverrides on, apache will look in the directory and all parent directories for .htaccess files on every request, which can be a big performance hit.

For Wordpress, your vhost should look something like:

<VirtualHost *:80>
    ServerName example.com
    DocumentRoot /var/www/site

    <Directory /var/www/site> 
        Options Indexes FollowSymLinks
        AllowOverride None 
        Order allow,deny 
        allow from all 

        RewriteEngine On
        RewriteBase /
        RewriteRule ^index\.php$ - [L]
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule . /index.php [L]
    </Directory> 
</VirtualHost>

Best Answer

Related Solutions

.net – Difference between decimal, float and double in .NET

Php – Enabling pretty permalinks on WordPress – apache configuration does not work

Related Topic