Explain how authorization works with Windows Authentication

[tdykstra]

Description

UUF verbatim

You never explain any of this for Windows Authentication! Where is that info at? And why is this all so ridiculously complicated?

Page URL

https://learn.microsoft.com/en-us/aspnet/core/security/authorization/roles?view=aspnetcore-9.0

Content source URL

https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/security/authorization/roles.md

Document ID

980a23e7-56e4-da94-a139-cab85135c5f7

Article author

@Rick-Anderson

Metadata

• ID: b3668fea-5d71-a4fc-96d1-74b53906bf25
• Service: aspnet-core
• Sub-service: security

Related Issues

---

Associated WorkItem - 362800

[Rick-Anderson]

@halter73 do we want to add for Windows auth use

builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme)
    .AddNegotiate();  

and anything else required?

[halter73]

That's all that should be required for Kestrel. You'll probably need to modify the web.config for IIS as described in https://learn.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?view=aspnetcore-9.0&tabs=visual-studio#iis.

It's interesting that this feedback was left on the "Role-based authorization" doc. I don't think it's possible to describe how to modify the role claims for each possible authentication provider/service, but it might make sense to link to something like https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/configure/user-access-control#role-based-access-control-rbac for Windows Authentication or https://learn.microsoft.com/en-us/aspnet/core/security/authentication/claims?view=aspnetcore-9.0#extend-or-add-custom-claims-using-iclaimstransformation which demonstrates how you could add/modify claims (including role claims) given any authentication method.