This repository has been archived by the owner on Dec 18, 2018. It is now read-only.
WindowsIdentity.AuthenticationType throws under IIS but not IIS Express #1288
Comments
|
Ok, closing as a dup. Thanks. |
|
I'm on aspnetcore 2.1 and just inserted 2018 is done soon, these tickets are more than 2 years old and all closed/solved in a way I don't know if just some workarounds have been applied here and there or this problem got reintroduced. |
|
ASP.NET Core worked around the issue like this: https://github.com/aspnet/IISIntegration/pull/282/files If you want a fix for WindowsIdentity you'll need to ask https://github.com/dotnet/corefx. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
When performing windows authentication I am accessing
User.Identity.AuthenticationTypeto know if "Negotiate" or "NTLM" was used for authentication. On IIS Express this works, but when published to IIS I get this exception:And I see the code is throwing here: https://referencesource.microsoft.com/#mscorlib/system/security/principal/windowsidentity.cs,315
So I am guessing that IIS Express, running as me as admin, is allowed to make the Win32 call, whereas IIS' app pool identity is not.
I think this permissions idea is sort of a red herring, though, as I'd expect the
m_AuthTypeto be initialized when the windows identity is created. This SO article seems to corroborate it: https://stackoverflow.com/questions/11587305/unauthorizedaccessexception-after-using-logonuser/11588736#11588736So I'm not sure where the
WindowsIdentityis created, but it seems to make sense to pass in the auth type to the ctor, rather then defer to a Win32 call.Originally opened here: IdentityServer/IdentityServer4#650 (comment)
The text was updated successfully, but these errors were encountered: