0
Sirs,
I have an application very similar to the visual studio 2019 ready template. There, through the 'Users.Identity.Name', I obtain the AD data of the authenticated user as below:
public UserIdentityModel GetADUser(ClaimsPrincipal pUser)
{
UserIdentityModel user = null;
try
{
using (var context = new PrincipalContext(ContextType.Domain, _dominio))
{
var result = UserPrincipal.FindByIdentity(context, _Usuario);
user = new UserIdentityModel
{
DisplayName = result.DisplayName,
Email = result.EmailAddress,
Autenticado = pUser.Identity.IsAuthenticated,
UserName = result.UserPrincipalName,
Groups = result.GetGroups()
};
return user;
}
}
catch (Exception ex)
{
return user;
}
}
My application is configured for windows Authentication:
services.AddAuthentication(IISDefaults.AuthenticationScheme);
My launchSettings.json
"iisSettings": {
"windowsAuthentication": true,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:50437",
"sslPort": 0
}
}
Also configured to run on IIS:
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseStartup<Startup>()
.UseIISIntegration();
After publishing that application, and go up locally on IIS, enabling Windows Authentication and Anonymous Authentication settings on IIS
My application worked as expected. What is expected is that when accessing the application URL, my user is loaded automatically, without the need to provide username and password. I did the test with other users and different machines (in the same AD as my user) and the result was positive.
But when I upload the application to an IIS of the Server, which is in an AD other than mine, my application requests that the user provide the credentials:
Another important detail is that I gave IIS security permissions to a user from the same server domain, but the behavior was the same, being required to provide credentials.
Finally the question here is... What do I need to do to make my server application behaves the same way as my application local?
probably your user is a local machine administrator, so everything works fine, now if you are logging on to a server outside of your machine it is normal to behave differently, you need to add your user or a group that is part of the IIS permissions. And when you say "different ad than mine," you mean another domain?
– Ricardo Pontual
Ricardo, I tried to give permissions to a user but the application still requires credentials. And yes, when I say AD other than mine, they are different domains. Your comment has an important weight that I should have made it clearer in the question.
– Arthur Gresele