stackoom
  简体   繁体   中英

Self-hosted OWIN .NET 4.5 Web API 2 does not work with Windows authentication and https

 原文  2016-11-18 10:49:46       c#/ https/ asp.net-web-api2/ owin

Question

I am trying to get Web API 2 to work with Windows authentication and SSL. It looks like it can work with either one or the other, but when I enable both Windows authentication and SSL, I keep getting 401 responses from the server.

This is how we enable Windows authentication: 

HttpListener listener = (HttpListener)appBuilder.Properties["System.Net.HttpListener"];
listener.AuthenticationSchemes = AuthenticationSchemes.IntegratedWindowsAuthentication;

When running with just HTTP (no HTTPS), Windows authentication seems to work. I see 401 responses followed by a 200 response.

I am also trying to get it to work with HTTPS on my local machine.

I went through the following steps to enable HTTPS:

  • Added a mapping to the server name in my hosts file
  • Installed a certificate (with the help of this post )
  • Reserved a URL ( https://+:10001/ )
  • Ran the service under the reserved URL

Starting the service: 

var startOptions = new StartOptions();
startOptions.Urls.Add(baseUrl); // baseUrl is "https://+:10001/"
_webApplication = WebApp.Start<Startup>(startOptions);

If I disable Windows authentication (comment out the 2 lines with HttpListener above), I can access the service using the HTTPS protocol. The browser recognizes the certificate.

When I enable Windows authentication, I keep getting 401 responses (in Fiddler I can see up to 6 401 responses for one request). A browser keeps prompting me to log in, and fails after a number of attempts with a 401 code.

I have been trying to find someone facing a similar problem. This post looked promising. However, the author did not seem to have any issues with the .NET 4.5 version of OWIN.

Could anyone please advise? Thank you!

1 answers

solution1
 0 ACCPTED  2016-12-14 09:42:18

Our problem was the authentication rather than SSL.

  • Using AuthenticationSchemes.Ntlm helped
  • The other problem was the correct registration of the server name within the organization, so that clients (developers' machines) could access it

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question https scheme issue with Swashbuckle using Proxied OWIN self-hosted Web API Dependency injection not working with Owin self-hosted Web Api 2 and Autofac In self-hosted OWIN Web API, how to run code at shutdown? Self-Hosted Web API in .NET 6 ASP.NET Core 3.1 Web API : can it be self-hosted as Windows service with https and use some certificate like IIS? Configuring SSL on ASP.NET Self-Hosted Web API Self-hosted In Process Web API with Dot net core Client Certificate Mapping Authentication in self-hosted Owin endpoint Get Remote Host IP in Web API Self-Hosted Using Owin How can I signal cancellation to Web API actions when the self-hosted OWIN server shuts down?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM