IIS integration

wlab · June 14, 2021, 7:21am

Hi
We have to host a ServiceStack application version 5.9 built on .net framework 4.8 in IIS using ASP.NET (no .net core, no Kestrel).
Our goal is taking advantage of Windows integrated authentication and impersonation features of IIS, using them as SSO.
The ServiceStack application hosts services shared with another application where users authentication is made by credetilals provided by a web form, using the AuthorizeAttribute of ServiceStack.

We created a class inherited from AppHostBase, calling its Init method in Application_Start of our System.Web.HttpApplication (cassic Global.asax.cs style).
Then:

we created and plugged in a fake servicestack authorization provider to by pass the direct authorization by application;
we used SessionFeature to manage user sessions, caching them by redis cache clients;
we populate and then save sessions about the authenticated user available in the http context, reaching him through the http request inside a callback registered in the collection GlobalRequestFilters of the application host class.

All it works, but (obviously) everything done in void Configure(Container funqContainer) and all
servicestack application initialization task repeats every request.

Is our solution right?
If not, what is the right way to host a servicestack application in iis using ASP.NET and .net classic framework minimizing the initialization effort?

Thank you

mythz · June 14, 2021, 4:32pm

To use Windows Auth in classic ASP .NET you would use the AspNetWindowsAuthProvider:

Plugins.Add(new AuthFeature(() => new AuthUserSession(), new IAuthProvider[] {
  new AspNetWindowsAuthProvider(this) {
      LoadUserAuthFilter = LoadUserAuthInfo,
  }, 
}));

Also checkout the Authentication Docs for different customization options.

wlab · June 15, 2021, 10:24am

Ok.
I’m tryng using AspNetWindowsAuthProvider; when accessing to web application, the browser requests windows credentials to the user opening a popu up form.
Our solution (our customer) requires user be authenticated only one time when logging in Windows.
In order to our Single Sign On needs Can I avoid this behavior (the pop up which requires windows credentials)?

mythz · June 15, 2021, 10:30am

Do you have Windows Auth configured in your Web.config? If so can you post the raw HTTP Response headers (with any sensitive info scrubbed out) of the initial challenge response so we can see if it’s coming from IIS/ASP.NET or ServiceStack.

aleblanc · June 16, 2021, 6:06pm

Reading this thread… Is it the same provider to use with .Net Core Project ? We will start a project, it’s one of the requirement if we can use windows auth. With Vuejs has front end.

mythz · June 16, 2021, 8:11pm

No AspNetWindowsAuthProvider is .NET Framework only, for ASP .NET Core you would need to configure Windows Auth directly with the ASP .NET Core App then you should be able to use NetCoreIdentityAuthProvider to convert the ASP .NET Identity Auth to a ServiceStack Authenticated User Session as done in Using ASP.NET Identity Auth in ServiceStack.