I have a self-hosted SignalR
application using OWIN
.
I would like to add Windows Authentication to the incoming requests. Is this possible?
I believe that I can add e.g. Forms Authentication via something like this.
However I can't find any way to use Windows Authentication to do something similar.
My fallback plan would be to host in IIS instead, but I would prefer to be able to keep my app as a Windows Service if I can.
Ideally there'd be an NTLM owin middlware but since there is none you can work around it by getting a handle on the HttpListener and enabling auth that way (it's natively supported by HttpListener):
public class Startup
{
public void Configuration(IAppBuilder app)
{
var listener = (HttpListener)app.Properties[typeof(HttpListener).FullName];
listener.AuthenticationSchemes = AuthenticationSchemes.Ntlm;
app.MapHubs();
}
}
I was facing the same problem as you, and decided to implement a NTLM / Windows Authentication middleware;
You can find it on Nuget:
Install-Package Pysco68.Owin.Authentication.Ntlm
Sources and more detailed information on how-to use it are awailable here: https://github.com/pysco68/Pysco68.Owin.Authentication.Ntlm
The minimal usage example might look like:
public void Configuration(IAppBuilder app)
{
// use default sign in with application cookies
app.SetDefaultSignInAsAuthenticationType(
DefaultAuthenticationTypes.ApplicationCookie);
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie
});
// Enable NTLM authentication
app.UseNtlmAuthentication();
// .....
}
Please note that for performance reasons I decided to stick with Cookie authentication in the end and to use NTLM just for the initial authentication round-trip (because of the high number of requests).