Last post Dec 20, 2016 07:28 AM by Chris Zhao
Dec 17, 2016 12:57 AM|peterjc2007|LINK
I have an asp.net Web API server running under IIS, that until now has used windows authentication as it has only had other services running on the same domain conencting to it.
So, in my web.config I have the following settings...
<compilation debug="true" targetFramework="4.5.1" />
<httpRuntime targetFramework="4.5.1" />
<authentication mode="Windows" />
<windowsAuthentication enabled="true" />
With this I can use a browser (or the services) on the same domain and reach my services.
Now we want to allow Mobile applications to also connect. We will be using a a token based scheme based on this tutorial...http://bitoftech.net/2014/07/16/enable-oauth-refresh-tokens-angularjs-app-using-asp-net-web-api-2-owin. I need to turn off the Windows
authentication in my `web.config` to use this. If I leave in the windows configuration as above, I don't even get any of the Owin middle where methods (or custom filters) called when I, for example, se Postman to call a route with no windows authentication
So my question is
* How can I allow either authentication, so that even a Browser (on the same domain) can still call the routes and be authenticated (via the Negotiate), but also allow other clients to use the token based scheme? **Also** (very important) how do I configure
this in `web.config` to allow both?
Thanks in advance for any help!
Dec 20, 2016 07:28 AM|Chris Zhao|LINK
Try using token-based active directory authentication, see https://www.teamscs.com/2016/07/token-based-active-directory-authentication-using-owin/