PSU 1.5.0 - Universal API Authentication issue

nqui · November 30, 2020, 4:38pm

Product: PowerShell Universal - Universal API
Version: 1.5.0
Type: MSI Install

Good day!

I’ve got Windows Authentication setup for kestrel in appconfig.json and working in other components of PSU.

I’m having trouble getting Universal API endpoints to work with authentication.
I’ve got a simple test endpoint setup that returns $True with the below config:

Method: Get
Url: /test_windowsauth
Role: TestRole
Authentication: Enabled

I’m getting 401s on my requests. The log isn’t throwing any errors… the only odd thing that stands out is that the request starts twice: first without evaluating claims for the user, and second with evaluating claims.

PS >> irm https://psu.company.com/test_windowsauth -UseDefaultCredentials

2020-11-30T11:22:05.5924953-05:00 0HM4L9D8NKEKQ:00000001 [INF] Request starting HTTP/1.1 GET https://psu.company.com/test_windowsauth  0 (ca22a1cb)
2020-11-30T11:22:05.5928643-05:00 0HM4L9D8NKEKQ:00000001 [INF] AuthenticationScheme: "Negotiate" was challenged. (d45f1f38)
2020-11-30T11:22:05.5929931-05:00 0HM4L9D8NKEKQ:00000001 [INF] AuthenticationScheme: "Negotiate" was challenged. (d45f1f38)
2020-11-30T11:22:05.5930731-05:00 0HM4L9D8NKEKQ:00000001 [INF] Request finished in 0.608ms 401  (791a596a)
2020-11-30T11:22:05.5970182-05:00 0HM4L9D8NKEKQ:00000002 [INF] Request starting HTTP/1.1 GET https://psu.company.com/test_windowsauth  0 (ca22a1cb)
2020-11-30T11:22:05.5985338-05:00 0HM4L9D8NKEKQ:00000002 [INF] None (61c24651)
2020-11-30T11:22:05.5988295-05:00 0HM4L9D8NKEKQ:00000002 [INF] Evaluting claims for DOMAIN\USER123 (71bc73d4)
2020-11-30T11:22:05.6587115-05:00 0HM4L9D8NKEKQ:00000002 [INF] DOMAIN\USER123 is part of role Administrator (a51f0f8a)
2020-11-30T11:22:05.7566572-05:00 0HM4L9D8NKEKQ:00000002 [INF] DOMAIN\USER123 is part of role TestRole (61c7e190)
2020-11-30T11:22:05.8519287-05:00 0HM4L9D8NKEKQ:00000002 [INF] AuthenticationScheme: "Negotiate" was challenged. (d45f1f38)
2020-11-30T11:22:05.8520618-05:00 0HM4L9D8NKEKQ:00000002 [INF] AuthenticationScheme: "Negotiate" was challenged. (d45f1f38)
2020-11-30T11:22:05.8523359-05:00 0HM4L9D8NKEKQ:00000002 [INF] Request finished in 255.3125ms 401  (791a596a)

adam · November 30, 2020, 5:46pm

I can reproduce this issue. It works in IIS with Windows Auth but not with the MSI install. I’ll take a look to see if we can resolve this.

The reason you are seeing the request twice in the log is due to the negotiate challenge.

adam · November 30, 2020, 6:18pm

This has been resolved in our main branch. It will be in tonight’s nightly build and version 1.5.4 of PSU.

Topic		Replies	Views
PSU API endpoints with non-IIS Windows authentication always returning 401 PowerShell Universal	1	286	December 13, 2021
Seeking Help with Windows Authentication Issue in PowerShell Universal PowerShell Universal	8	115	November 14, 2024
Help with PSU API auth PowerShell Universal	3	755	October 15, 2020
Issues with PSU 1.5.0 - API Authentication configuration Universal API	1	711	November 20, 2020
API Endpoints under IIS PowerShell Universal	7	841	August 17, 2020

PSU 1.5.0 - Universal API Authentication issue

Related topics