使用Windows身份验证保护Service Fabric无状态WebAPI端点

Question

I'm planning to use Service Fabric as a cache tool for my web applications.

Within Service Fabric, I have:

• A stateful application to store my cache objects
• A stateless WebAPI application to act as an endpoint for other applications to talk to the stateful application. The WebAPI uses OWIN self-host. ( see screenshot )

Both are in the same cluster. The stateless WebAPI will act as an endpoint for exposure. The idea is for my external applications to hit the API to GET/POST/DELETE cache onto the stateful application.

I'm trying to secure the WebAPI using Windows Authentication ( see screenshot ) so only users on my domain can call the API. Is this feature even possible within Service Fabric because I'm not using IIS? Should I include something else in the App.config?

<system.web>
<membership defaultProvider="ClientAuthenticationMembershipProvider">
  <providers>
    <add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientWindowsAuthenticationMembershipProvider, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" connectionStringName="DefaultConnection" credentialsProvider="" />
  </providers>
</membership>
<roleManager defaultProvider="ClientRoleProvider" enabled="true">
  <providers>
    <add name="ClientRoleProvider" type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" cacheTimeout="86400" connectionStringName="DefaultConnection" />
  </providers>
</roleManager>

Answer 1

You can configure windows authentication in OWIN. Read this .