WSO2 Passing Windows NTLM authentication through ESB to .NET REST Data Service - iis

I have a .NET data service that resides on a windows server using basic authentication. I have a custom proxy service set up in the ESB that points to my data service endpoint. When I access the data service through Internet Explorer it asks for my credentials as expected and everything works fine. However when I change the IIS to use Windows Integrated authentication for the data service I don't get a response. How do I get the ESB to handle the authentication handshake between my data service and the browser or any other application calling the data service?

"Windows Integrated authentication" do you mean kerberos ?. if so http://blog.facilelogin.com/2010/12/kerberos-authentication-with-wso2-esb.html might help you.
Regards,
/Nuwan

Related

Azure App gateway not passing authentication header to back end pool

We have a classic asp.net web API service running on Azure VM(IIS) and its configured as back end pool in azure application gateway, and the API service is running on windows NTLM authentication (in order to support some backward compatibility and dependency on a legacy component).
One of the controllers in the API is for uploading service. and it’s working fine while I’m calling the service using Insomnia/postman directly through app gateway endpoint.
But when I’m trying to consume the same app gateway endpoint through a .Net core client application. its always unauthorized. The app gateway is not sending the NTLM header to the back end pool
Here is the client code that I used to consume the service
After a long day of digging to the problem with Application gateway and IIS log. Finally, I was able to figure out the issue. Problem is primarily related to .Net Core HttpClient .
HttpClient was failing to send the NTLM header details while calling PostAsync method with multipart form data. So rather than calling PostAsync I have to use SendAsync method in following way after disabling SocketsHttpHandler

Forms Authentication not working in Azure app service

I have a .NET MVC 4 application with .net framework 4.6.1 with forms authentication enabled. Is it possible to have this hosted in Azure app services. I am not finding an option in app services to have forms authentication enabled and getting the attached message when I navigate to the website.
I have the application taking me to the login page on a local server with IIS however not being able to make it work in App services. Any help would be appreciated.
Thanks.
I was able to get this working by fixing a connection string which was causing an error however the message for default document not set in azure may have been misleading.

Azure Function connectivity with app service which has windows authentication

We have a scenario where we need to invoke, a restful API through azure functions. The restful API is hosted in MS azure under app services. Both web application and API are windows authentication enabled.
Azure function runs server less and it cannot pass windows authentication. Using certificate, I need to establish the connectivity with the endpoint. I need your inputs to understand, how we can establish the connectivity between Azure function and rest API which is Windows authentication enabled.
Azure Functions does not support Windows Authentication. If you need a function to be able to call into an external REST API, then you'll need to use a different authentication protocol, such as Azure Active Directory.

Windows Authentication in IIS

I have 2 web services A and B hosted under the same web site. Web Service A uses/calls the APIs of web service B.
Both the services are using the "Custom Application pool" as they need to access Database...and I need to use Windows Authentication for both the services.
So when I try to call the API of service A, it prompts me for userName and password and after that it throws an error.
Now if I change the authentication of web service B to anonymous, it works fine.
It seems to be double-hop issue but I am not sure how to fix it..
Please help me in fixing this issue..
Thanks

Constrained delegation (Kerberos) only working using localhost

We have developed a WebAPI application that runs on IIS 6.2. That API uses Integrated authentication. So, the operations will be executed in the user context of the user that is calling the API.
Apart from that, because some of that operations execute remote actions to another server in the platform. We used constrained delegation (kerberos) to manage the Kerberos double hop and be validated in the remote server as the user calling the API.
We made the configuration changes in the IIS (regarding enabling Windows authentication) and we enabled "Trust this computer for delegation to any service (Kerberos only)" in the AD for the server running the IIS.
The current status is, if we access the API using localhost, everything is working as expected. However, if we access using the FQDN or even 127.0.0.1, it fails with unauthorized when the API call executing the remote operation behind the scenes returns.
Does anyone know what we can fix such configuration issue?
Thanks
Sounds like you did everything right...except didn't or haven't set the SPN properly in AD for the principal (computer/server object) referring to the web service running on the target server. For example, the server name is server1, and the AD and DNS domain name is acme.com. Then the SPN for the server in AD would need to be HTTP/server1.acme.com. Ref: Setting up Kerberos Authentication for a Website in IIS

Resources