Aspnetcore.docs: [WinAuth] Lack of Detail: [Authorize] attribute requires additional configuration in Startup.cs

Hello @rbonomo ... AFAIK, that line refers directly to the following two sub-sections: IIS and HTTP.sys. AFAIK, it doesn't mean that there's more to say than what you see next.

@Tratcher is there anything else to say there? Here's the section under discussion ...

https://docs.microsoft.com/aspnet/core/security/authentication/windowsauth?view=aspnetcore-2.2&tabs=visual-studio#allow-anonymous-access

[EDIT] Yes ... even if my hunch is correct ... I see some opportunities here to improve the language. I'm going to schedule this for at least some minor updates.

The key addition people usually overlook is services.AddAuthentication(IISDefaults.AuthenticationScheme);

The language is a little 😵 scatter brained 😵 leading into the server code examples that follow ... it sounds exactly like @rbonomo described it ... like there's something else ... something not explained. I'll address it. Thanks @rbonomo. :rocket:

The key addition people usually overlook is services.AddAuthentication(IISDefaults.AuthenticationScheme);

It would be helpful if it also outlined what this line does/why it is necessary for Windows auth. If windows auth is enabled/disabled in IIS directly, what does this do? Also whether this line limits the app strictly to an IIS deployment. I couldn't find a description of this extension method.

Comments on closed issues are not tracked, please open a new issue with the details for your scenario.