Implementing Windows Authentication in Web Api using .Net 4.8 (Not Core)

Shastri, Shrinivas 0 Reputation points

I have an existing Web Api project build with .Net 4.8. In production, I have both Web Api and Angular based web site deployed in IIS in Windows 2022. The database, SQL Server 2017, is running on separate Windows 2022 machine. Both servers are in same domain. The web site is intranet type used by internal users only.

The Web version is a replacement to old Windows Form GUI. Currently both Windows Form GUI and Web version are connecting to same database.

Aim: When a domain user runs Windows Form GUI, database returns data based on domain user access rights. The Web Api is running with Anonymous authentication and the need is to implement Windows Authentication such that database knows domain user and returns data similar to Windows Forms . I couldn't find any detail instructions on internet how to achieve it in .Net4.8 project.

Constraint: Any changes to database is out of project scope.

Can someone help with right information how to implement Windows Auth in .Net4.8?

ASP.NET: A set of technologies in the .NET Framework for building web applications and XML web services.API: A software intermediary that allows two applications to interact with each other.
255 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Lan Huang-MSFT 19,676 Reputation points Microsoft Vendor

    Hi @Shastri, Shrinivas,

    To enable Windows Authentication within an ASP.NET Application, you should make sure that you have “Integrated Windows Authentication” enabled within IIS for the application you are building. 

    The documentation below has detailed steps.

    Integrated Windows Authentication

    Windows Authentication <windowsAuthentication>

    You should then add a web.config file to the root of your ASP.NET application that contains an <authentication> section that sets the mode to "Windows".

    You should then also add the <authorization> section to the same web.config file to deny "anonymous" users access to the site. The specific configuration is as follows:

            <authentication mode="Windows" />
                 <deny users="?"/>

    Best regards,
    Lan Huang

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  2. Bruce ( 48,396 Reputation points

    see the docs about IIS windows user impersonation:

    also unless the webserver and sqlserver are on the same box, you will run into the one hop rule. so you will need to enable credentials delegation on webserver, and use kerberos for authentication: