shammelburg · August 15, 2017 11:45
diff --git a/controller.cs b/controller.cs
 // [DisableCors]
 [Authorize]
 [Route("api/[controller]")]
 public class AuthController : Controller
 {
    private AuthicationSettings _authSettings { get; set; }

    public AuthController(IOptions<AuthicationSettings> settings)
    {
        _authSettings = settings.Value;
    }

    // GET: api/values
    [HttpGet]
    public IActionResult Get()
    {
        var isAdmin = User.IsInRole(_authSettings.Global);
        return Ok(new { User = User.Identity.Name, IsAdmin = isAdmin });
    }
 }
diff --git a/dotnet-core-cors.cs b/dotnet-core-cors.cs
 // Add framework services.
 services.AddCors(options =>
 {
    options.AddPolicy("AllowSpecificOrigin",
        builder => builder
        .WithOrigins(Configuration["CORS:ClientEndpoint"])
        .AllowAnyMethod()
        .AllowAnyHeader()
        .AllowCredentials());
 });

 // CORS
 services.Configure<MvcOptions>(options => { options.Filters.Add(new CorsAuthorizationFilterFactory("AllowSpecificOrigin")); });
 // Windows Authentication
 services.AddAuthentication("Windows");
 //services.Configure<IISOptions>(options => options.ForwardWindowsAuthentication = true);
 //services.AddAuthorization(options => { options.AddPolicy("AllUsers", policy => policy.RequireAuthenticatedUser()); });




 app.UseAuthentication();
diff --git a/iis-settings.txt b/iis-settings.txt
 // for server testing/live
 IIS Site > Authentication > { Anonymous = true, windows = true }
diff --git a/launchSettings.json b/launchSettings.json
 // for local dev

 {
  "iisSettings": {
    "windowsAuthentication": true,
    "anonymousAuthentication": true,
    "iisExpress": {
      "applicationUrl": "http://localhost:port/",
      "sslPort": 0
    }
  }
 }
diff --git a/web.config b/web.config
 <?xml version="1.0" encoding="utf-8"?>
 <configuration>
  <system.webServer>
    <handlers>
      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
    </handlers>
    <aspNetCore forwardWindowsAuthToken="true" processPath="dotnet" arguments=".\BrandedSitesCmsCoreApi.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" />
  </system.webServer>
 </configuration>
	// [DisableCors]
	[Authorize]
	[Route("api/[controller]")]
	public class AuthController : Controller
	{
	private AuthicationSettings _authSettings { get; set; }

	public AuthController(IOptions<AuthicationSettings> settings)
	{
	_authSettings = settings.Value;
	}

	// GET: api/values
	[HttpGet]
	public IActionResult Get()
	{
	var isAdmin = User.IsInRole(_authSettings.Global);
	return Ok(new { User = User.Identity.Name, IsAdmin = isAdmin });
	}
	}
	// Add framework services.
	services.AddCors(options =>
	{
	options.AddPolicy("AllowSpecificOrigin",
	builder => builder
	.WithOrigins(Configuration["CORS:ClientEndpoint"])
	.AllowAnyMethod()
	.AllowAnyHeader()
	.AllowCredentials());
	});

	// CORS
	services.Configure<MvcOptions>(options => { options.Filters.Add(new CorsAuthorizationFilterFactory("AllowSpecificOrigin")); });
	// Windows Authentication
	services.AddAuthentication("Windows");
	//services.Configure<IISOptions>(options => options.ForwardWindowsAuthentication = true);
	//services.AddAuthorization(options => { options.AddPolicy("AllUsers", policy => policy.RequireAuthenticatedUser()); });




	app.UseAuthentication();
	// for server testing/live
	IIS Site > Authentication > { Anonymous = true, windows = true }
	// for local dev

	{
	"iisSettings": {
	"windowsAuthentication": true,
	"anonymousAuthentication": true,
	"iisExpress": {
	"applicationUrl": "http://localhost:port/",
	"sslPort": 0
	}
	}
	}
	<?xml version="1.0" encoding="utf-8"?>
	<configuration>
	<system.webServer>
	<handlers>
	<add name="aspNetCore" path="" verb="" modules="AspNetCoreModule" resourceType="Unspecified" />
	</handlers>
	<aspNetCore forwardWindowsAuthToken="true" processPath="dotnet" arguments=".\BrandedSitesCmsCoreApi.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" />
	</system.webServer>
	</configuration>