Help with PSU API auth

I’m running PSU 1.4.3 as a service under a service account.

I’ve set up & enabled Windows Auth. I can log in to the admin console without entering any credentials. My roles seem to be applying correctly.

My issue is that none of my API endpoints with Authorization enabled actually work. When testing outside the admin console, I get 404s for any endpoint that has Auth turned on. Inside the admin console, no errors, just an empty string as the output “”.

Should I be adding auth headers to my request? Not sure what to do here…

Here is one of my sample endpoints:

$ReturnObject = [pscustomobject]@{
    Data = 'abc'
}
return (ConvertTo-Json $ReturnObject)

My end goal here is to build a simple endpoint that would return the built-in API variable $Identity.

Strange that you are getting 404s. Can you check the PSU logs to verify we aren’t throwing exceptions? %ProgramData%\PowerShellUniversal by default.

For invoking a Windows Auth API, you need to include the -UseDefaultCredentials parameter if I’m not mistaken.

 Invoke-WebRequest -UseDefaultCredentials

I’ve been adding -UseDefaultCredentials with no luck… seeing some exceptions in the logs:

2020-10-14T22:24:04.8369095-04:00 0HM3GBKC1GDUB:0000000A [INF] Request starting HTTP/1.1 GET http://server1234:5000/username   (ca22a1cb)
2020-10-14T22:24:04.9899725-04:00 0HM3GBKC1GDUB:0000000A [ERR] An unhandled exception has occurred while executing the request. (48a46595)
System.InvalidOperationException: No authentication handler is registered for the scheme 'Windows'. The registered schemes are: Cookies, Bearer, Negotiate. Did you forget to call AddAuthentication().Add[SomeAuthHandler]("Windows",...)?
   at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
   at Universal.Server.Services.UniversalAuthorizationService.AuthorizedAsync(HttpContext context, String role) in D:\a\universal\universal\src\Universal.Server\Services\UniversalAuthorizationService.cs:line 80
   at Universal.Server.Services.ApiProxy.ExecuteAsync(HttpContext httpContext) in D:\a\universal\universal\src\Universal.Server\Services\ApiProxy.cs:line 156
   at Universal.Server.Middleware.RoutingMiddleware.Invoke(HttpContext httpContext, IPolicyEvaluator policyEvaluator) in D:\a\universal\universal\src\Universal.Server\Middleware\RoutingMiddleware.cs:line 58
   at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
   at AspNetCoreRateLimit.RateLimitMiddleware`1.Invoke(HttpContext context) in D:\a\universal\universal\src\AspNetCoreRateLimit\Middleware\RateLimitMiddleware.cs:line 109
   at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
2020-10-14T22:24:05.2717468-04:00 0HM3GBKC1GDUB:0000000A [ERR] An unhandled exception has occurred while executing the request. (48a46595)
System.InvalidOperationException: No authentication handler is registered for the scheme 'Windows'. The registered schemes are: Cookies, Bearer, Negotiate. Did you forget to call AddAuthentication().Add[SomeAuthHandler]("Windows",...)?
   at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
   at Universal.Server.Services.UniversalAuthorizationService.AuthorizedAsync(HttpContext context, String role) in D:\a\universal\universal\src\Universal.Server\Services\UniversalAuthorizationService.cs:line 80
   at Universal.Server.Services.ApiProxy.ExecuteAsync(HttpContext httpContext) in D:\a\universal\universal\src\Universal.Server\Services\ApiProxy.cs:line 156
   at Universal.Server.Middleware.RoutingMiddleware.Invoke(HttpContext httpContext, IPolicyEvaluator policyEvaluator) in D:\a\universal\universal\src\Universal.Server\Middleware\RoutingMiddleware.cs:line 58
   at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
   at AspNetCoreRateLimit.RateLimitMiddleware`1.Invoke(HttpContext context) in D:\a\universal\universal\src\AspNetCoreRateLimit\Middleware\RateLimitMiddleware.cs:line 109
   at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
2020-10-14T22:24:05.4073407-04:00 0HM3GBKC1GDUB:0000000A [INF] Request finished in 570.4504ms 404  (791a596a)

Ack. I see the issue here. The problem is that the self-hosted Windows auth is using the wrong authentication scheme. It’s trying to use the IIS Windows Auth rather than the configured Negotiate auth.

I will get this fixed.

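Added example (not part of the thread and not PSU's own code): a PowerShell triage script that groups log lines by request ID and reports requests where the authentication scheme asked for is not among the registered ones, alongside the status code the client actually saw. The function name `Get-AuthSchemeMismatch` and the second request in the sample are assumptions made for illustration.

```powershell
# Sample input: the first five lines are copied from the log excerpt above;
# the last two (a request that succeeds) are constructed for contrast.
$logLines = @'
2020-10-14T22:24:04.8369095-04:00 0HM3GBKC1GDUB:0000000A [INF] Request starting HTTP/1.1 GET http://server1234:5000/username   (ca22a1cb)
2020-10-14T22:24:04.9899725-04:00 0HM3GBKC1GDUB:0000000A [ERR] An unhandled exception has occurred while executing the request. (48a46595)
System.InvalidOperationException: No authentication handler is registered for the scheme 'Windows'. The registered schemes are: Cookies, Bearer, Negotiate. Did you forget to call AddAuthentication().Add[SomeAuthHandler]("Windows",...)?
   at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
2020-10-14T22:24:05.4073407-04:00 0HM3GBKC1GDUB:0000000A [INF] Request finished in 570.4504ms 404  (791a596a)
2020-10-14T22:30:00.0000000-04:00 0HM3GBKC1GDUB:0000000B [INF] Request starting HTTP/1.1 GET http://server1234:5000/constructed-ok
2020-10-14T22:30:00.1000000-04:00 0HM3GBKC1GDUB:0000000B [INF] Request finished in 100.0ms 200
'@ -split '\r?\n'

function Get-AuthSchemeMismatch {
    # Hypothetical helper: returns one object per request whose auth scheme was not registered.
    param([string[]]$Line)

    $requests = [ordered]@{}
    $current  = $null
    foreach ($text in $Line) {
        if ($text -match '^\S+ (?<id>\w+:\w+) \[\w+\] (?<msg>.*)$') {
            # Timestamped line: "<time> <connection:request> [LEVEL] message"
            $id  = $Matches.id
            $msg = $Matches.msg
            if (-not $requests.Contains($id)) {
                $requests[$id] = [pscustomobject]@{
                    RequestId = $id; Url = $null; Status = $null
                    RequestedScheme = $null; RegisteredSchemes = @()
                }
            }
            $current = $requests[$id]
            if ($msg -match '^Request starting \S+ \S+ (?<url>\S+)') {
                $current.Url = $Matches.url
            } elseif ($msg -match '^Request finished in \S+ (?<status>\d{3})') {
                $current.Status = [int]$Matches.status
            }
        } elseif ($current -and $text -match "No authentication handler is registered for the scheme '(?<want>[^']+)'\. The registered schemes are: (?<have>[^.]+)\.") {
            # Exception text has no timestamp, so it belongs to the last request seen.
            $current.RequestedScheme   = $Matches.want
            $current.RegisteredSchemes = $Matches.have -split ',\s*'
        }
    }
    # Keep only requests where the requested scheme is missing from the registered list.
    $requests.Values | Where-Object { $_.RequestedScheme -and $_.RequestedScheme -notin $_.RegisteredSchemes }
}

Get-AuthSchemeMismatch -Line $logLines | Format-List
```

On the sample this reports only request `0HM3GBKC1GDUB:0000000A`, with `Windows` requested, `Cookies, Bearer, Negotiate` registered and status 404, which shows the 404 is masking an authentication failure on the server rather than a missing route. To check real logs, pass the output of `Get-Content` for a log file under %ProgramData%\PowerShellUniversal.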