Authorization for anonymous user

yukitoyukito
in ASP.NET

Hi

We have asp.net core website hosted on asphostportal.com. In our ASP.NET Core (1.0 RC2) application, we have the following requirement: only users from the internal network should be able to access some "Debug" pages. It's a public website and we don't have user logins, instead we managed it until now with a custom IP-address based authorization (note: this is not a security risk in our case, because we have a proxy in between, so the IP address cannot be spoofed from outside).

We want to implement such an IP-address based authorization in ASP.NET Core, as well. We use a custom policy "DebugPages" for this. Then we noticed, that we must have an authenticated user (that's right?) to get authorization to jump in and we create one in the request pipeline, which yields to the following code in Startup.cs (shortened for brevity):

[code] public void ConfigureServices(IServiceCollection services)
{
...

services.AddAuthorization(options =>
{
    options.AddPolicy(
        "DebugPages",
        policy => policy.RequireAssertion(
            async context => await MyIPAuthorization.IsAuthorizedAsync()));
});

}

public void Configure(IApplicationBuilder app)
{
...

app.Use(async (context, next) =>
{
    context.User = new ClaimsPrincipal(new GenericIdentity("anonymous"));
    await next.Invoke();
});

...

} [/code]

Now this works fine when run in Debug by Visual Studio 2015 (with IIS Express). But unfortunately it doesn't work when run directly by dotnet run (with Kestrel) in the command line. In this case we get the following exception:

InvalidOperationException: No authentication handler is configured to handle the scheme: Automatic

The same error occurs when we provide the current Windows principal instead of the principal with a custom anonymous identity -- so everytime when the user is automatic-ally authenticated...

So, why is there a difference between hosting in IIS Express and Kestrel? Any suggestions how to solve the issue?

Comments

  • wypwyp China

    i also have the same issue and don't know the reason!

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Categories

In this Discussion