How to add API Authentication and authorization in web server (Kestrel - Self hosted) created in .Net Standard 2.0.

Question

I want to add API Authentication and authorization in our web server (Kestrel - Self hosted) created in .Net Standard 2.0.

I want to use Windows authentication here. We found that this can be done using the AddNegotiate() in “Microsoft.AspNetCore.Authentication.Negotiate” NuGet. but this NuGet is not supported in .NET Standard 2.0.

Is there any alternative for AddNegotiate for .Net Standard? How we can achieve similar authentication in . Net standard?

Please note I can not migrate to modern .NET due to significant dependencies on .NET Framework projects. Are there any viable alternatives or workarounds to implement Windows authentication in .NET Standard?

Answer 1

originally asp.net supported windows authentication via IIS hosting module passing the windows token handle to the asp.net core runtime. this allowed IIS to perform all the windows authentication.

to support asp.net core self hosting (which no longer uses libuv), a new nuget package was written to fully implement windows/kerberos authentication for asp.net core 3.1+. its actually part of the aspnetcore build and not independant. I believe when hosted in IIS it still uses IIS to authenticate.

Windows authentication is complex (as it is an out of band protocol and not part of the http stream) and you are not likely to find an owin implementation. Your best bet is to host with IIS/IIS express.

if IIS is not an option, then easiest approach is to implement basic authentication and use pinvoke to call the windows api to verify the login/password.

https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-logonusera