Aspnetcore: Windows Authentication (Kerberos/NTLM) in asp.net core linux

@blowdart

We use Negotiate currently with Kestrel. I am happy to help with this.

@Drawaes Negotiate auth schema working in Linux now?

Only Kerberos for Linux but yeah using gassapi but I haven't published
because I haven't seen much interest

On Thu, 12 Jul 2018, 08:37 FZ14, notifications@github.com wrote:

@Drawaes https://github.com/Drawaes Negotiate auth schema working in
Linux now?

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/aspnet/KestrelHttpServer/issues/2716#issuecomment-404418647,
or mute the thread
https://github.com/notifications/unsubscribe-auth/APpZuRVz6M3QKUNi3T01m5mlV43Emphaks5uFvylgaJpZM4VMKGx
.

@Drawaes Maybe you show some samples with this solution for Windows Auth in linux?:)

There's certainly no official support, because it'd take external libraries. It's something we are considering, but it's not high on the list of priorities.

Most of the enterprise development would rely on AD authentication. Please make this a high priority.

Agree with @tejpratapsingh. In my case the choice was made in favor of Java Spring, because Asp.Net core not support windows integrated authentication officialy :(

I thought normally for Spring you put it behind Apache to get Ntlm etc. There is no reason you can put aspnet core behind IIS or ngix and get the same result.

@FZ14 @tejpratapsingh @blowdart . I wonder if we all work for the same company lol. We also have to use Java/Spring. We are a very large company and really need the kerberos support. Even if its just instructions on how to do an apt-get or some other package and supply the kb5.conf. It appears you guys are close, or ready to support it, this is my current error with trusted_security = true. and using just the Data.SqlClient

"Cannot access Kerberos ticket. Ensure Kerberos has been initialized with 'kinit'.\nErrorCode=InternalError, Exception=Interop+NetSecurityNative+GssApiException: GSSAPI operation failed with error - An invalid status code was supplied (SPNEGO cannot find mechanisms to negotiate).\n

@DamianEdwards for awareness.

SQL using integrated auth on Linux just looks like a config issue and is separate to the OP issue of no support in asp.net core

Cough, cough

Here is one for windows... Feature or issues are welcome I will work on the Linux one if there is interest

It's not a proper aspnet core auth provider but I am happy to make it so if people care enough

https://www.nuget.org/packages/CondenserDotNet.Middleware/

See https://github.com/aspnet/Security/issues/1622

@Drawaes, we're interested at my company in Windows Auth on Linux and inside containers.
Can CondenserDotNet be used on Linux?

This has been an issue within my organization as well. We run cloud foundry and have no desire to launch windows images just to be able to configure windows auth. It's surprising to hear how this isn't a priority when it's very common to have Windows AD as the identity provider with a dominantly linux enterprise environment. @blowdart please bring this into your current iteration.

Same Here, we want to switch to NGNIX on Red Hat in a Big Enterprise Environment and missing AD authentication is a complete showstoper.

Why don't you do the auth at NGNIX in this case? Surely this is only an issue (that I think is useful) for people running raw Kestrel.

Ok then my understanding of auth and reverse proxies is not deep enough

Closing as a duplicate of https://github.com/aspnet/AspNetCore/issues/4662, which we're prototyping for 3.0.

@fngch Comments on closed issues are not tracked, please open a new issue with the details for your scenario.

Client errors should be reported here: https://github.com/dotnet/corefx

Hello @Drawaes, I try to integrate Kerberos authentication in my code (core 2/3) and it still not working. Can you help me with this?