Make it easier to disable windows auth

[brockallen]

The reverse proxy feature is quite useful on its own, and the windows authentication feature is windows specific. Also, I might want the reverse proxy from IIS, but not want windows authentication to be passed along.

Consider this into 2 different middlewares. Perhaps: UseWindowsAuthentication and UseReverseProxy.

I guess the UseIISPlatformHandler could stay and just encapsulate the two?

[brockallen]

Looks like some of the forwarded headers code is already here:

https://github.com/aspnet/BasicMiddleware/tree/dev/src/Microsoft.AspNet.HttpOverrides

[Tratcher]

UseOverrideHeaders is already the reverse proxy middleware you're asking for. This middleware only handles forwarders supported by httpplatformhandler.

The Windows auth components can be disabled in the options. Note that forwarding windows auth is really a httpplatformhandler option in web.config. If that's enabled then you need to consume it to avoid leaking handles.

[brockallen]

The authentication handler is being registered and run regardless of the flag (In Invoke).

Also I can send an invalid handle value in the headers it will trigger the creation of a WindowsIdentity and presumably throw (this is in the UpdateUser method).

[Tratcher]

Fair, the windows auth stuff could be further disabled. How about Options.EnableWindowsAuthentication = false?

[brockallen]

Yea, the more I was thinking about it, I guess it doesn't make sense to split this up since the other middleware give reverse proxy support. I guess the reason I suggested it in the first place is because this MW doesn't use the other.

As for the windows auth -- yes, something to really disable it so none of that code runs would be appreciated. Thx.