Enabling Windows Authentication

Enable Negotiate provider

Edit your appsettings.json file to remove the cookie provider and add the negotiate provider as per the code block below:

"Negotiate": {
    "Enabled": "True"
}

Enable Windows Authentication in IIS

Ensure your application in IIS has Windows Authentication enabled and Anonymous Authentication disabled.

Enable Anonymous Access to API (optional)

If using the API for external applications to talk to EWA (such as EzeScan Server) then you need to enable Anonymous access to the API via configuration changes to IIS.

1.  On the IIS server edit the following file: 

   C:/Windows/System32/inetsrv/config/applicationHost.config

   1. Set overrideModeDefault="Allow" for anonymousAuthentication property.
      

      

      
      
      

2.  Add the following code block to the web.config located in the root directory of the EWA files:

   API Code Block

   XML

   <location path="api">
       <system.web>
         <authorization>
           <allow users="?"/>
         </authorization>
       </system.web>
       <system.webServer>
         <handlers>
           <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
         </handlers>
         <aspNetCore processPath="dotnet" arguments=".\EzeScan.WebApps.Web.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess" />
         <security>
           <authentication>
             <anonymousAuthentication enabled="true" />
           </authentication>
         </security>
       </system.webServer>
     </location>

   Your web.config file should now look like:

   web.config

   XML

   <?xml version="1.0" encoding="utf-8"?>
   <configuration>
     <location path="." inheritInChildApplications="false">
       <system.webServer>
         <handlers>
           <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
         </handlers>
         <aspNetCore processPath="dotnet" arguments=".\EzeScan.WebApps.Web.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess" />
       </system.webServer>
     </location>
     <location path="api">
       <system.web>
         <authorization>
           <allow users="?"/>
         </authorization>
       </system.web>
       <system.webServer>
         <handlers>
           <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
         </handlers>
         <aspNetCore processPath="dotnet" arguments=".\EzeScan.WebApps.Web.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess" />
         <security>
           <authentication>
             <anonymousAuthentication enabled="true" />
           </authentication>
         </security>
       </system.webServer>
     </location>
   </configuration>

   These lines of configuration tell IIS that for anything accessing the /api/ path to enable and allow anonymous access.