I have an intranet application using OWIN self-hosting to serve a SPA/Web API 2 type site. It works great with localhost:port, but ip:port and hostname:port fail in IE and Chrome. Yet the application works in Firefox.
I believe this is due to integrated authentication. Chrome returns ERR_INVALID_AUTH_CREDENTIALS, and IE returns 400 Bad Request. Fiddler doesn't show a difference in the headers of the request/response, except that authentication comes through, and it is 200 in FF, 400 in IE, and 401 in Chrome.
Most of the code is "borrowed" from articles or MSDN tutorials. Here's Program.cs:

    string baseAddress = "http://*:9000/";
    using (WebApp.Start<Startup>(new StartOptions(baseAddress) { ServerFactory = "Microsoft.Owin.Host.HttpListener" }))
    {
        // Keep the server operational until stopped
        Console.WriteLine("Started, press any key to stop.");
        Console.ReadKey();
        Console.WriteLine("Stopped");
    }

Here's Startup.cs:

    public void Configuration(IAppBuilder appBuilder)
    {
        var listener = (HttpListener)appBuilder.Properties["System.Net.HttpListener"];
        listener.AuthenticationSchemes = AuthenticationSchemes.IntegratedWindowsAuthentication;

        // Configure Web API for self-host.
        HttpConfiguration config = new HttpConfiguration();
        WebApiConfig.Register(config);
        appBuilder.UseWebApi(config);

        appBuilder.UseFileServer(new FileServerOptions
        {
            RequestPath = new PathString(string.Empty),
            // Path to the static files.
            FileSystem = new PhysicalFileSystem("./public"),
            EnableDirectoryBrowsing = false
        });
    }

I made sure to set the URL reservation using netsh:

    netsh http add urlacl url=http://*:9000/ user=everyone

Both IE and Chrome attempt the intranet model of integrated authentication, and attempt to send credentials in our intranet applications. FF prompts for credentials, and never auto-authenticates. This has me leaning towards an authentication problem.
Does anyone have an idea what I can check to validate the authentication side of things? Fiddler didn't illuminate the request very well. Breakpoints never seem to be touched in the app when requesting against the host.
I think there is a group/local policy getting in the way of proper authentication, but I'm not sure where to start looking.
*Edit - updated tags
*Update
Some further testing indicates that forcing auth to NTLM (versus integrated) allows Chrome to auto-logon, FF to work the same as it did, and IE is in a weird place.
IE will autologon, fail to load JS on the page, or prompt the user and login, depending on FQDN vs shortname. I believe this is due to default IE behaviors and trusted/intranet site settings.
I have a workaround, but it'd still be nice to figure out Kerberos if anyone has ideas.
Change the code to

    HttpListener listener = (HttpListener)app.Properties["System.Net.HttpListener"];
    listener.AuthenticationSchemes = AuthenticationSchemes.Ntlm;

in the self-host Web API, solved the issue.
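
For the question of how to see what each browser actually sends before HttpListener accepts or rejects it, here is an added example that is not part of the original post or answer. It uses HttpListener's AuthenticationSchemeSelectorDelegate, which runs per request before authentication, to log the Host header and the kind of Authorization header presented. The names AuthDiagnostics, Classify and Attach are hypothetical; the token itself is never logged.

```csharp
using System;
using System.Net;
using Owin;

// Hypothetical diagnostic helper (not from the original post).
public static class AuthDiagnostics
{
    // Describes the Authorization header without logging the token itself.
    public static string Classify(string authorization)
    {
        if (string.IsNullOrEmpty(authorization))
            return "none (anonymous first request)";

        string[] parts = authorization.Split(new[] { ' ' }, 2);
        string scheme = parts[0];
        string token = parts.Length > 1 ? parts[1].Trim() : string.Empty;

        if (scheme.Equals("NTLM", StringComparison.OrdinalIgnoreCase))
            return "NTLM";

        if (scheme.Equals("Negotiate", StringComparison.OrdinalIgnoreCase))
        {
            // The base64 form of the NTLMSSP signature begins with "TlRMTVNT",
            // so this prefix means the client fell back to NTLM inside Negotiate.
            return token.StartsWith("TlRMTVNT", StringComparison.Ordinal)
                ? "Negotiate carrying raw NTLM"
                : "Negotiate carrying a SPNEGO token (typically Kerberos)";
        }
        return "other scheme: " + scheme;
    }

    // Call from Startup.Configuration in place of setting AuthenticationSchemes directly.
    public static void Attach(IAppBuilder app, AuthenticationSchemes schemes)
    {
        var listener = (HttpListener)app.Properties["System.Net.HttpListener"];
        listener.AuthenticationSchemeSelectorDelegate = request =>
        {
            Console.WriteLine("{0} {1} Host={2} auth={3}",
                request.HttpMethod, request.RawUrl, request.UserHostName,
                Classify(request.Headers["Authorization"]));
            return schemes; // same scheme for every request; only the logging is new
        };
    }
}
```

Comparing the logged lines for localhost, IP and hostname requests from each browser shows whether the client offered NTLM or a Kerberos-style token for that host name.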