dotnet / AspNetCore.Docs

Documentation for ASP.NET Core
https://docs.microsoft.com/aspnet/core
Creative Commons Attribution 4.0 International

Clarification request in "Configure Windows Authentication in ASP.NET Core" #27049

Open Notheisz57 opened 2 years ago

Notheisz57 commented 2 years ago

**EDIT by @Rick-Anderson** Regarding the Kestrel section of this document, specifically the warning and info blockquotes near the start of the section.

> **Warning** Credentials can be persisted across requests on a connection. Negotiate authentication must not be used with proxies unless the proxy maintains a 1:1 connection affinity (a persistent connection) with Kestrel.

For the warning blockquote, I was working through a new project targeting .NET 6.0 and found NTLM/Kerberos credential persistence was not enabled by default. It may be beneficial to mention whether or not the code sample that follows results in the scenario described in the warning blockquote. If you create a new Razor/Blazor project from template and deploy it to an IIS server, would credential persistence be an issue? These kinds of examples are sometimes included in Microsoft Docs and I find them very informative, or at the very least they help understand the context, etc.

For the note blockquote:

> The Negotiate handler detects if the underlying server supports Windows Authentication natively and if it is enabled. If the server supports Windows Authentication but it is disabled, an error is thrown asking you to enable the server implementation. When Windows Authentication is enabled in the server, the Negotiate handler transparently forwards authentication requests to it.

it is implied that if the platform/server supports Windows/Negotiate authentication natively, magic and smoke will pester you to enable the native implementation (rather than performing the authentication "in-process"?). Could this be better detailed or an example be included to clarify what this pertains to? If you create a new Razor/Blazor project from template and deploy it to an IIS server, would you receive this error if IIS has Windows Authentication disabled?

If clarification on these two blockquotes can be provided, I can author a change to the doc if suitable.



Rick-Anderson commented 2 years ago

Is this the warning?

> Credentials can be persisted across requests on a connection. Negotiate authentication must not be used with proxies unless the proxy maintains a 1:1 connection affinity (a persistent connection) with Kestrel.

> found NTLM/Kerberos credential persistence was not enabled by default.

It requires the Microsoft.AspNetCore.Authentication.Negotiate NuGet package.

Notheisz57 commented 2 years ago

> Is this the warning?
>
> > Credentials can be persisted across requests on a connection. Negotiate authentication must not be used with proxies unless the proxy maintains a 1:1 connection affinity (a persistent connection) with Kestrel.

Yes, sorry for not being clearer. These are the info and warning block-quotes I mentioned: [image]
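For readers following the thread, an added example (not from the issue or from the ASP.NET Core docs) of a .NET 6 `Program.cs` that registers the Negotiate handler on Kestrel and sets the two credential-persistence options explicitly, so the behaviour the warning describes is a reviewed setting rather than an inherited default. It assumes the web SDK's implicit usings; the `/whoami` endpoint is a hypothetical diagnostic added for illustration.

```csharp
// Program.cs (.NET 6 minimal hosting). Added example, not the docs' sample.
// Requires the Microsoft.AspNetCore.Authentication.Negotiate NuGet package.
using Microsoft.AspNetCore.Authentication.Negotiate;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(NegotiateDefaults.AuthenticationScheme)
    .AddNegotiate(options =>
    {
        // Set both flags explicitly instead of relying on defaults.
        // false: a completed handshake is not re-used for later requests
        // that arrive on the same connection without credentials.
        options.PersistKerberosCredentials = false;
        options.PersistNtlmCredentials = false;
    });

// Require an authenticated user on every endpoint unless it opts out.
builder.Services.AddAuthorization(options =>
{
    options.FallbackPolicy = options.DefaultPolicy;
});

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();

// Hypothetical diagnostic endpoint: returns the identity the server
// resolved together with the Kestrel connection id. Two different users
// reported under one connection id means a proxy in front of Kestrel is
// sharing backend connections between clients.
app.MapGet("/whoami", (HttpContext ctx) => new
{
    user = ctx.User.Identity?.Name,
    authType = ctx.User.Identity?.AuthenticationType,
    connectionId = ctx.Connection.Id,
});

app.Run();
```

The warning quoted above states the proxy requirement without exception, so these flags should not be read as lifting the 1:1 connection affinity requirement.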