
ASP.NET Core 3.1 Angular Windows authentication required username and password

I'm using ASP.NET Core 3.1 with Angular. I want to combine Windows authentication and JWT, for canActivate in Angular while routing and to authorize the controller, but it always requires the Windows username and password when I pass the token from the interceptor to the controller.

request.clone({ headers: request.headers.set('Authorization', 'Bearer ' + user.token) });

My launchSettings.json is changed to the following:

"windowsAuthentication": true,
"anonymousAuthentication": false,

I added the following code to ConfigureServices in Startup:

var appSettingsSection = Configuration.GetSection("AppSettings");
services.Configure<AppSettings>(appSettingsSection);

// configure jwt authentication
var appSettings = appSettingsSection.Get<AppSettings>();
var key = Encoding.ASCII.GetBytes(appSettings.Secret);
services.AddAuthentication(x =>
{
    x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(x =>
{
    x.RequireHttpsMetadata = false;
    x.SaveToken = true;
    x.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new SymmetricSecurityKey(key),
        ValidateIssuer = false,
        ValidateAudience = false
    };
});

I added the following code to Configure in Startup:

app.UseAuthentication();
app.UseAuthorization();

If you host your application on IIS, it is almost impossible to combine Windows and JWT token authentication. Both JWT and Windows authentication use the Authorization header in the HTTP request, but IIS takes it over first. When your request is a JWT request, the Authorization header you sent is something like this:

Authorization: Bearer {jwtcontent}

Then the IIS Windows authentication module takes over your request and finds it cannot recognize your Authorization header, so it responds to your request with 401 and an Authorization header like this (Negotiate):

Authorization: Negotiate YIIg8gYGKwY[...]hdN7Z6yDNBuU=

or (for NTLM):

Authorization: NTLM TlRMTVN[...]ADw==

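Your browser receives this response and finds that the server is looking for Windows credentials, so it pops up a Windows prompt asking you to enter a username and password.

All of this is handled by IIS and the browser; it never even reaches your application code.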
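The header shapes contrasted in the answer above can be told apart from the scheme word and the first bytes of the credential. The following JavaScript is an added example, not code from the original question or answer; the function names (`b64Prefix`, `tokenKind`, `classifyAuthorization`) are hypothetical and the JWT and NTLM sample values are constructed (the NTLM one is a message header only).

```javascript
// Added example: classify an HTTP Authorization header value by scheme and token type.
const B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

// Decode only the leading bytes of a base64 string; stops at padding or any
// non-base64 character, so truncated values copied from a trace still work.
function b64Prefix(text, maxBytes) {
  const out = [];
  let acc = 0, bits = 0;
  for (const ch of text) {
    const v = B64.indexOf(ch);
    if (v < 0 || out.length === maxBytes) break;
    acc = ((acc << 6) | v) & 0xffff;
    bits += 6;
    if (bits >= 8) { bits -= 8; out.push((acc >> bits) & 0xff); }
  }
  return out;
}

// Identify a Negotiate/NTLM token from its first bytes.
function tokenKind(b64) {
  const bytes = b64Prefix(b64, 12);
  if (String.fromCharCode(...bytes.slice(0, 8)) === "NTLMSSP\0") {
    return "ntlm-type-" + (bytes[8] ?? "?"); // low byte of the message type field
  }
  if (bytes[0] === 0x60) return "gss-api";   // ASN.1 [APPLICATION 0]: SPNEGO/Kerberos
  return "unknown";
}

function classifyAuthorization(value) {
  const m = /^(\S+)\s+(\S+)$/.exec(value.trim());
  if (!m) return { scheme: "none", detail: "malformed" };
  const scheme = m[1].toLowerCase();
  if (scheme === "bearer") {
    // Three base64url segments separated by dots is the compact JWT shape.
    const jwt = /^[\w-]+\.[\w-]+\.[\w-]*$/.test(m[2]);
    return { scheme, detail: jwt ? "jwt" : "opaque" };
  }
  if (scheme === "negotiate" || scheme === "ntlm") return { scheme, detail: tokenKind(m[2]) };
  return { scheme, detail: "other" };
}

// Constructed samples, plus the truncated Negotiate value shown on this page.
const samples = [
  "Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2ln",
  "Negotiate YIIg8gYGKwY[...]hdN7Z6yDNBuU=",
  "NTLM TlRMTVNTUAABAAAA",
  "Negotiate TlRMTVNTUAABAAAA", // Negotiate can carry a raw NTLM message
];
for (const s of samples) console.log(s.slice(0, 24), classifyAuthorization(s));
```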
