3

I have a multi-tier application which is using 2 NET Core ASP.NET tiers.

  • Tier 01
    • React JS hosted via ASP.NET Core
  • Tier 02
    • Back-end HTTP rest

The Tier 01 is using NTLM, so when the User open the Browser, ASP.NET Core loads the React SPA and from ASP.NET Core I can get the IPrincipal of the current Windows User. The Back-end, unfortunately, is always running in the context of the App Pool service account.

In this scenario, what would be the correct way, from React, to call the Back-end using the Windows Account which is running the application? Is there a way to generate a Token, like OAuth, in the Front-end NET Core host and then pass it to the Back-end?

Note

I do have an architectural requirement, I can't use Username and Password, I can't use Basic Authentication. The Front-end must open using NTLM and display the current Windows Account (this part is working)

Improve this question
4
  • Are your users declared in Azure Active Directory? Or a locally deployed Active Directory? Commented Oct 7, 2019 at 8:01
  • Company AD, we are not using Azure in this scenario Commented Oct 7, 2019 at 10:37
  • @Raffaeu, I have a same scenario wherein I have a react app(in windows env) and spring boot REST APIs for back-end, I just want that whenever user opens react app I want to get the username of logged in system user(always windows) in my back-end for authentication. Could you please suggest something? Commented Apr 3, 2020 at 8:09
  • In Spring the easiest is to use a Spring action to host your React so it will force windows authentication before loading React client app To authenticate with Windows on Spring you can easily use Waffle Commented Apr 12, 2020 at 11:10

1 Answer 1

Reset to default
2

I think you can use the approach mentioned in below link. In tier 01, create an API endpoint that requires Windows Authentication. Get user info from the identity and generate a token.

Use Windows Authentication with OAuth 2.0

For token generation, let's use IdentityServer. Generate access token with IdentityServer4 without password

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Nice, I didn't think about Identity Server. So that was my point, if I can get a Token also from Windows Authentication

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.