This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 68%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
Hello,
If I host any .net core based api within aks having ingress-nginx then is there any way to get the user id of the client. I cannot ask client to add a custom header with its value as its username as in that case s/he will be aware of the security pattern in use.
In azure pack it is possible to enable windows authentication and get the client side username. But is there any possible way to manage this kubernetes.
I have also explored adding ntlm authorization header in the request but for that client has to use there username and password to create the header which is not possible because here the call is service to service. Client can only double click and run the software after login the machine but keeping password is a compliance.
Please help.
Thank you
@prmanhas-MSFT , Hey preeti, hope you're doing well. All good at your end? Preeti, could you please suggest some solution here. Currently, I have lot of APIs and all of them working on windows authentication. Now, windows authentication is decommissioning here. I thought of using Oauth also but maintaining so many client id and secret is not possible because the client credential is the only possible grant works in service to service call. Could you please suggest something.
Thank you
@Tanul Any update on the issue?
Please "Accept as Answer" and "upvote" if below response helped so it can help others in community looking for help on similar topics.
Thanks
@Tanul Posting as answer as well for community visibility.
As per discussion all of them state this is something which can be done on application side depending upon the application capability and has not much to do with Azure.
Without more information and/or clarity around their architecture, use-case and exact requirement, there's much that we can recommend.
Apart from this some more information I got is as below:
There are one piece missing in this ask:
• What’s the authentication mechanism/framework used in the .Net core application. After reviewing this page I assume .Net core uses JWT Bearer token, which seems to be the default.
Maybe you want to try parse JWT payload and extract the username? After reviewing this and this I’m pretty sure it’s possible to parse JWT in Nginx, and since we have server_snippet we can add those to the Nginx configuration somehow.
Hope it’s a good direction for you.
Please "Accept as Answer" so it can help others in community looking for help on similar topics.
@Tanul Did above suggestion helped?
Please "Accept as Answer" so it can help others in community looking for help on similar topics.