Siderite's Blog

and has 5 comments

I got this exception that doesn't appear anywhere on Google while I was debugging a .NET Core web app. You just have to enable Windows Authentication in the project properties (Debug tab). Duh!

System.InvalidOperationException: The Negotiate Authentication handler cannot be used on a server that directly supports Windows Authentication. Enable Windows Authentication for the server and the Negotiate Authentication handler will defer to it.
   at Microsoft.AspNetCore.Authentication.Negotiate.PostConfigureNegotiateOptions.PostConfigure(String name, NegotiateOptions options)
   at Microsoft.Extensions.Options.OptionsFactory`1.Create(String name)
   at Microsoft.Extensions.Options.OptionsMonitor`1.<>c__DisplayClass11_0.<Get>b__0()
   at System.Lazy`1.ViaFactory(LazyThreadSafetyMode mode)
   at System.Lazy`1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
   at System.Lazy`1.CreateValue()
   at System.Lazy`1.get_Value()
   at Microsoft.Extensions.Options.OptionsCache`1.GetOrAdd(String name, Func`1 createOptions)
   at Microsoft.Extensions.Options.OptionsMonitor`1.Get(String name)
   at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.InitializeAsync(AuthenticationScheme scheme, HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationHandlerProvider.GetHandlerAsync(HttpContext context, String authenticationScheme)
   at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

This translates to a change in Properties/launchSettings.json like this:

{
  "iisSettings": {
    "windowsAuthentication": true,
    "anonymousAuthentication": true,
    //...
  },
  //...
}

Comments

Dave

Here&#39;s the REAL answer to this issue: After much hair pulling and config changes through the night, I discovered a simple setting in IIS that needs to be enabled (completely missing from BOL). First off, just because you installed Windows Authentication with Server Manager, doesn&#39;t mean it&#39;s enabled in IIS. It&#39;s NOT, by default. You have to open IIS Manager, click on your server (NOT the website - the name of the server machine hosting IIS). Then click on Authentication - you will see &quot;Windows Authentication&quot; is disabled. Enable it. Now it will work.

Dave

Angry Blazor Developer

Did everything MS said to do (hosting bundle, IIS configuration, etc). It&#39;s 100% picture perfect. DotNet5 &amp; 6 sites work perfectly, so long as they don&#39;t use Windows Authentication. I believe that Core will not support Windows authentication on Windows Server 2012 R2. Looks like this &quot;feature&quot; is done on purpose to force an upgrade to Windows Server 2016 and up (or Azure).

Angry Blazor Developer

Scotty Mac Dev

That&#39;s the question I have! How do I make it run as a self-hosted exe?

Scotty Mac Dev

Siderite

This article on Microsoft&#39;s site should help out: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth Check out the last section.

Siderite

Christopher P Painter

Thanks, this makes it work in Visual Studio debugger using IIS. But let&#39;s say you plan on self hosting this as an EXE and not running it through IIS. Any ideas on how to fix that?

Christopher P Painter

Post a comment