question

AdamMohamed-4859 avatar image
0 Votes"
AdamMohamed-4859 asked AdamMohamed-4859 answered

How to get windows username in an asp.net core 3.1 webapp linux container running on rhel 7

Users must login to their windows machines where after they can access the web app through a url.
I am trying to retrieve the windows username of the users who launch the app (on the client).
I am trying to avoid carrying out any login where the users have to enter their username and passwords.
The app is running in a corporate network which is controlled by AD groups.
Ultimately I would like to verify the users against an AD group (AD and Azure Ad are both available) then check whether they exist within a users table in sql server.
To do this I need to know the windows-username.
The app is built using ASP.NET Core 3.1 and is an MVC app using Kestrel, running on linux container which is hosted on RHEL 7.
Currently RHEL does not have windows authentication enabled.
I have used the base image mcr.microsoft.com/dotnet/aspnet:3.1 (debian 10) to build my app.
1. When I try to use Environment.UserName this works on visual studio but when deploying the container I get the user on the container : root
2. When i try to use the httpContextAccessor.HttpContext.User.FindFirst(ClaimTypes.NameIdentifier).Value I get in Visual Studio System.NullReferenceException: 'Object reference not set to an instance of an object.'
3. When i use System.Security.Principal.WindowsIdentity.GetCurrent().Name, i get domain\\windows-username on visual studio (this is perfect) but once i deploy the app linux container i get the following error:
fail: Microsoft.AspNetCore.Server.Kestrel[13]
Connection id "some id", Request id "some id": An unhandled exception was thrown by the application.
System.PlatformNotSupportedException: Windows Principal functionality is not supported on this platform.
at System.Security.Principal.WindowsIdentity.GetCurrent()

I read the docs
https://docs.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?view=aspnetcore-3.1&tabs=visual-studio
and installed nugets for Microsoft.AspNetCore.Authentication.Negotiate and Microsoft.AspNetCore.Connections.Abstractions and added following to the startup file:
services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate();
app.UseAuthentication();

This did not help.
I understood from the docs that i need to use windows authentication to get the windows username, however I can not find any where in the docs how to that that on a linux container that is running on RHEL?
I would appreciate help on this.



dotnet-aspnet-core-general
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MartinaMouner-5074 avatar image
0 Votes"
MartinaMouner-5074 answered

Hi @AdamMohamed-4859 ,

Actually I am facing the same problem and after many trials it doesn`t work
I will be grateful if you find a solution and shared it . Thanks in advance

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AdamMohamed-4859 avatar image
0 Votes"
AdamMohamed-4859 answered

@MartinaMouner-5074 You probably need windows authentication to get the username.
I could not find a way documented by Microsoft about how to achieve windows authentication in linux containers.
If the app was installed natively on RHEL/linux then you could use Kerberos with a keytab file to achieve windows authentication and so retrieve the username.
However since the app is running on a linux container, it is isolated form the RHEL/linux host.
As far as my research goes there is a way to achieve this by running multiple services inside the container to be able to achieve windows authentication, however I could not find a way that was supported by microsoft to apply in poduction.

It was easier and more time saving for me to use Azure AD authentication with SSO. Once the user is authenticated then the user profile including the username would be available.

If you still need to resolve this, probably search for windows authentication in linux containers

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.