Comments (8)
pysco68
commented on July 26, 2024
Hello Josh, I'll look into your issue in the next days, I was on vacation the last month, so sorry for the delay!
from pysco68.owin.authentication.ntlm.
jpsullivan
commented on July 26, 2024
No worries about the delay! I appreciate you giving things a look though. Sadly I couldn't ever get things working. Haha I tried just about everything. Nothing looked out of place while stepping through either.
from pysco68.owin.authentication.ntlm.
pysco68
commented on July 26, 2024
Hi again Josh,
I looked at the code you provided, and on a first sight it looks perfectly right to me. Still I see some possible issues, so let me ask some questions. The first one I have is, what are you hosting your OWIN application in? If it is IIS (or any HTTP server/proxy in front of your application) have you made sure it does not process the NTLM/Kerberos stuff? (this answers your question about the Windows Authentication setting in the project; it should be off, as this is just a UI tuning some of the environments settings)
from pysco68.owin.authentication.ntlm.
jpsullivan
commented on July 26, 2024
I tested with both IISExpress (straight through VS) and a local IIS instance, and both ended up giving me the same results. And yeah, as you mentioned, there should never have been a need to enable Windows Authentication so I never did.
I should also mention that I did manage to get this working, albeit with a different library. https://www.nuget.org/packages/OWIN-MixedAuth/ to be specific. There was one thing that I did notice while setting that package up, though: It needed to be registered after any middleware that uses the PipelineState.Authenticate pipeline state as it relies on PipelineState.PostAuthenticate. I had to shuffle a few things around to get that working correctly. Do you think your library would need a similar disclaimer?
from pysco68.owin.authentication.ntlm.
pysco68
commented on July 26, 2024
Well I guess that in your application scenario using that other library is not a bad idea! In fact this OWIN middleware was designed with another case in mind that involved the impossibility to rely on either HttpListener (no WebSockets on Server 2008 R2) nor IIS (for other application specific policy).
I've used it successfully with both Nowin (which was the host I designed the library for) and Kestrel lately.
Btw. I never considered any IIS related things in the library as I was never meant to be used in conjunction with IIS (as both IIS and IISExpress support windows authentication on their own)
from pysco68.owin.authentication.ntlm.
jpsullivan
commented on July 26, 2024
Gotcha, gotcha. Makes sense! The reason we were exploring these sorts of avenues was mainly because we wanted to toggle each authentication provider. One setup may use SAML or OAuth while another chooses to use NTLM. Doing so restricts us from using IIS' Windows Authentication setting.
Thanks again for reaching out!
from pysco68.owin.authentication.ntlm.
pysco68
commented on July 26, 2024
You're welcome!
Regarding your requirement, sure, that makes sense! If I find some spare time in the next weeks I'll try to setup my lib behind IIS or IIS Ex for a few hours. If I find out anything I'll let you know!
In the meanwhile I'll close this issue if you don't mind(?)
from pysco68.owin.authentication.ntlm.
jpsullivan
commented on July 26, 2024
Nope not at all. In fact I'll do it for you ;)
Feel free to reopen though if you have any questions!
from pysco68.owin.authentication.ntlm.
Related Issues (16)
- CallbackPath check fails when BasePath is not /
- Prompted for credentials HOT 1
- You should port to .net core HOT 1
- IOwinRequest in OnCreateIdentity callback HOT 2
- Why Owin.Extensions and Owin.Types are referenced? HOT 2
- Configuration of CallbackPath not working as expected HOT 2
- The identity in RequestContext.Principal.Identity does not provide domain name HOT 5
- Retrieve User Identity [Question] HOT 4
- NTLM authentication works well on IIS Express (Visual Studio) but fails on IIS. HOT 4
- HandshakeState.IsClientResponseValid failed while accesing specific domain instead localhost
- when to send challenge with SignalR? HOT 2
- Feature request: give me a hook for rejecting particular users HOT 5
- possible to use token instead of cookie? HOT 1
- Virtual Directory CallbackPath HOT 6
- Sample using this Nuget package HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pysco68.owin.authentication.ntlm.