Previous article ASP.NET core and integrated windows authentication in nanoserver container showed how to use integrated Windows authentication in docker windows container via IIS which requires a lot of prep steps and pretty cumbersome to implement. Another option is to use
WebListener which as renamed to
HTTPSYS in ASP.NET core version 2.0. Solution is hosted in following Github repo https://github.com/artisticcheese/ContainerWindowsAuth.
You have to prepare your Windows AD environment as per this Enabling integrated Windows Authentication in windows docker container article as a prerequisite.
startup.cs file shall have following entry in
ConfigureServices method which will enable both anonymous and Windows Authenticated access.
Program.cs need following entry in
This will allow to use both Windows and Anonymous authentication side by side. Now your home controller can specify which actions will require authentication and which not as per below.
Dockerfile below is using multi stage build and publish process
Final step is to run built image on Container host which was prepped earlier
docker run -d -h containerhost –security-opt “credentialspec=file://win.json” -p 8888:80 artisticcheese/winauth:nano-httpsys
Accessing this URL from domain joined machine via name only will not require users entering password and will automatically log them in, accessing via IP address will prompt for password and will allow login, accessing action which does not require authentication as expected will not require password. See below.