dotnet/aspnetcore

Add an AutomaticChallenge option to disable HttpSys from adding auth headers on 401

Open

#5.888 geöffnet am 18. Juni 2018

Auf GitHub ansehen
 (10 Kommentare) (0 Reaktionen) (0 zugewiesene Personen)C# (10.653 Forks)batch import
affected-very-fewarea-networkingenhancementfeature-httpsyshelp wantedseverity-nice-to-have

Repository-Metriken

Stars
 (37.933 Stars)
PR-Merge-Metriken
 (Durchschn. Merge 16T 9h) (258 gemergte PRs in 30 T)

Beschreibung

Hi , I have a REST API appilcation hosted on HTTP.Sys with windows authetication option enabled . The REST API is protected by "Bearer" authentication scheme . Once the API invoked with invalid token the authentication scheme returns 401 with "WWW-Authenticate" "Bearer" header . Since application is hosted on HTTP.Sys the additional "WWW-Authenticate" "Negotiate" header has been added by AuthenticationManager of Http.Sys . The application uses windows authentication only in the user authentication endpoint . Is there a way to add windows authentication to specific route once hosted on http.sys ?

Contributor Guide