I’m running PSU 1.4.3 as a service under a service account.
I’ve setup & enabled Windows Auth. I can login to the admin console without entering any credentials. My roles seem to be applying correctly.
My issue is that none of my API endpoints with Authorization enabled actually work. When testing outside the admin console, I get 404s for any endpoint that has Auth turned on. Inside the admin console, no errors, just an empty string as the output “”.
Should I be adding auth headers to my request? Not sure what to do here…
Here is one of my sample endpoints:
$ReturnObject = [pscustomobject]@{
Data = 'abc'
}
return (ConvertTo-Json $ReturnObject)
My end goal here is to build a simple endpoint that would return the built-in API variable $Identity.
I’ve been adding -UseDefaultCredentials with no luck… seeing some exceptions in the logs:
2020-10-14T22:24:04.8369095-04:00 0HM3GBKC1GDUB:0000000A [INF] Request starting HTTP/1.1 GET http://server1234:5000/username (ca22a1cb)
2020-10-14T22:24:04.9899725-04:00 0HM3GBKC1GDUB:0000000A [ERR] An unhandled exception has occurred while executing the request. (48a46595)
System.InvalidOperationException: No authentication handler is registered for the scheme 'Windows'. The registered schemes are: Cookies, Bearer, Negotiate. Did you forget to call AddAuthentication().Add[SomeAuthHandler]("Windows",...)?
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Universal.Server.Services.UniversalAuthorizationService.AuthorizedAsync(HttpContext context, String role) in D:\a\universal\universal\src\Universal.Server\Services\UniversalAuthorizationService.cs:line 80
at Universal.Server.Services.ApiProxy.ExecuteAsync(HttpContext httpContext) in D:\a\universal\universal\src\Universal.Server\Services\ApiProxy.cs:line 156
at Universal.Server.Middleware.RoutingMiddleware.Invoke(HttpContext httpContext, IPolicyEvaluator policyEvaluator) in D:\a\universal\universal\src\Universal.Server\Middleware\RoutingMiddleware.cs:line 58
at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
at AspNetCoreRateLimit.RateLimitMiddleware`1.Invoke(HttpContext context) in D:\a\universal\universal\src\AspNetCoreRateLimit\Middleware\RateLimitMiddleware.cs:line 109
at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
2020-10-14T22:24:05.2717468-04:00 0HM3GBKC1GDUB:0000000A [ERR] An unhandled exception has occurred while executing the request. (48a46595)
System.InvalidOperationException: No authentication handler is registered for the scheme 'Windows'. The registered schemes are: Cookies, Bearer, Negotiate. Did you forget to call AddAuthentication().Add[SomeAuthHandler]("Windows",...)?
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Universal.Server.Services.UniversalAuthorizationService.AuthorizedAsync(HttpContext context, String role) in D:\a\universal\universal\src\Universal.Server\Services\UniversalAuthorizationService.cs:line 80
at Universal.Server.Services.ApiProxy.ExecuteAsync(HttpContext httpContext) in D:\a\universal\universal\src\Universal.Server\Services\ApiProxy.cs:line 156
at Universal.Server.Middleware.RoutingMiddleware.Invoke(HttpContext httpContext, IPolicyEvaluator policyEvaluator) in D:\a\universal\universal\src\Universal.Server\Middleware\RoutingMiddleware.cs:line 58
at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
at AspNetCoreRateLimit.RateLimitMiddleware`1.Invoke(HttpContext context) in D:\a\universal\universal\src\AspNetCoreRateLimit\Middleware\RateLimitMiddleware.cs:line 109
at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
2020-10-14T22:24:05.4073407-04:00 0HM3GBKC1GDUB:0000000A [INF] Request finished in 570.4504ms 404 (791a596a)
Ack. I see the issue here. The problem is that the self-hosted Windows auth is using the wrong authentication scheme. It’s trying to use the IIS Windows Auth rather than the configured Negotiate auth.