Nlog.SignalR not working when using windows authentication

[gabimousa]

When using Windows authentication the proxy is not working correctly.

It looks like the defaults credentials have to be passed through to the new hubconnection.

    var connection = new HubConnection("http://www.contoso.com/");
    connection.Credentials = CredentialCache.DefaultCredentials;

but when i look at the github source i cannot find anything about authentication.

Am I missing something?

[manofthetent]

@gabimousa Thanks for your feedback. So, the code currently does not set anything for credentials. I am curious what the default value of the .Credentials property would be. Also, wondering if there is any harm if we set it to the CredentialCache.DefaultCredentials for those not needing it. Lastly, if we added the ability to configure it, then we could set up a credential and apply it, if that were provided.

Thoughts?

[gabimousa]

@manofthetent After some testing setting CredentialCache.DefaultCredentials did not do the trick for me because the applicationpool the application is running on was setup to use a specific user that does not have sufficient rights to make the connection. Im am running the application with Windows authentication enabled en anonymous authentication disabled. It did work when i was running the application under IIS Express with Windows authentication on though, but that was probably because i had sufficient rights on my own computer ;-)

According to the microsoft docs site https://docs.microsoft.com/en-us/aspnet/signalr/overview/security/hub-authorization the DefaultCredentials should only be set when using Windows Authentication so i would think that the connection will be made with de logged in user but it looks like that is not the case

What i would like is to create a hubconnection with the user that is logged in the application without having to configure the username and password in de NLog configuration target but by reusing the credentials of the logged in user. Until now i was not able to get that to work by playing around with a clone of the NLog.SignalR repo. Probably because I am not an expert in this material.

For now i have created my own SignalR target and reused the application HubContext with the following code GlobalHost.ConnectionManager.GetHubContext(_target.HubName) But this seems a bit hacky

Any ideas?

[toddmeinershagen]

@gabimousa When you are running under IIS express, you are running under your context, so that probably explains why the credentials are working properly in that situation.

Do you have your project (website) with the nlog.signalr checked in somewhere on github or can you provide a zip file (attach to this issue) so that I can reproduce your issue locally and try to fix it?

[gabimousa]

@toddmeinershagen To reproduce this issue you need to change settings in iis. I cannot provide a website where those settings are set in your iis instance.

to reproduce this issue you need to do the following.

Create a domain service account and set it as the user for the application pool Create a usergroup that defines the domain users that are allowed to login to the website. Under website permissions both the service account and the usergroup have the following settings set: read & excute, List folder content and Read.

For the website under authentication i have the following: Anonymous authentication: disabled ASP.NET imporsonation: disabled Forms authentication: disabled Windows authentication: enabled

Then when I access the site with a user that is added to the usergroup mentioned preiously the problem occurs when trying to log to signalR.

Hope this helps.