Enable Negotiate provider

Edit your appsettings.json file to remove the cookie provider and add the negotiate provider as per the code block below:

appsettings.json Providers

"Negotiate": {
    "Enabled": "True"
}
XML


BeforeAfter

Enable Windows Authentication in IIS

Ensure your application in IIS has Windows Authentication enabled and Anonymous Authentication disabled.

Enable Anonymous Access to API (optional)

If using the API for external applications to talk to EWA (such as EzeScan Server) then you need to enable Anonymous access to the API via configuration changes to IIS.

  1.  On the IIS server edit the following file: 

    C:/Windows/System32/inetsrv/config/applicationHost.config

    1. Set overrideModeDefault="Allow" for anonymousAuthentication property.


  2.  Add the following code block to the web.config located in the root directory of the EWA files:

    API Code Block

    <location path="api">
        <system.web>
          <authorization>
            <allow users="?"/>
          </authorization>
        </system.web>
        <system.webServer>
          <handlers>
            <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
          </handlers>
          <aspNetCore processPath="dotnet" arguments=".\EzeScan.WebApps.Web.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess" />
          <security>
            <authentication>
              <anonymousAuthentication enabled="true" />
            </authentication>
          </security>
        </system.webServer>
      </location>
    XML

    Your web.config file should now look like:

    web.config

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
      <location path="." inheritInChildApplications="false">
        <system.webServer>
          <handlers>
            <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
          </handlers>
          <aspNetCore processPath="dotnet" arguments=".\EzeScan.WebApps.Web.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess" />
        </system.webServer>
      </location>
      <location path="api">
        <system.web>
          <authorization>
            <allow users="?"/>
          </authorization>
        </system.web>
        <system.webServer>
          <handlers>
            <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
          </handlers>
          <aspNetCore processPath="dotnet" arguments=".\EzeScan.WebApps.Web.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess" />
          <security>
            <authentication>
              <anonymousAuthentication enabled="true" />
            </authentication>
          </security>
        </system.webServer>
      </location>
    </configuration>
    XML

    These lines of configuration tell IIS that for anything accessing the /api/ path to enable and allow anonymous access.