I'm trying to get Basic Auth setup in front of our Legacy MVC .Net app that is hosted in a Windows Server 2016 Docker Container.
The issue is almost certainly more to do with how I'm setting up things in windows and in the web.config more so than anything to do with docker. I'm not a windows or IIS guy. So help is very much appreciated.
So the instance is a base image of Windows Server 2016 in which I'm running these commands to setup IIS and users:
Dockerfile
FROM microsoft/aspnet:4.7.1-windowsservercore-ltsc2016
ARG source
WORKDIR /inetpub/wwwroot
COPY ${source:-obj/Docker/publish} .
# Install Url Rewrite
ADD https://download.microsoft.com/download/C/9/E/C9E8180D-4E51-40A6-A9BF-776990D8BCA9/rewrite_amd64.msi /install/rewrite_amd64.msi
RUN Start-Process msiexec.exe -ArgumentList '/i', 'c:\install\rewrite_amd64.msi', '/quiet', '/norestart' -NoNewWindow -Wait
#RUN ["powershell", ". /Windows/System32/inetsrv/appcmd.exe set config 'Default Web Site' -section:system.webServer/security/authentication/basicAuthentication /enabled:'True' /commit:apphost"]
#RUN $Acl = Get-Acl 'C:\inetpub\wwwroot'; $Ar = New-Object system.security.accesscontrol.filesystemaccessrule('client','FullControl','Allow'); $Acl.SetAccessRule($Ar); Set-Acl 'C:\inetpub\wwwroot' $Acl
#RUN New-LocalUser -Name 'client' -FullName 'Basic Auth User' -Description 'Basic Auth User' -Password (ConvertTo-SecureString 'NOTTELLING' -AsPlainText -Force)
#RUN dism /online /enable-feature /featurename:IIS-BasicAuthentication
RUN Import-Module ServerManager; Add-WindowsFeature Web-Basic-Auth
RUN Net user client NOTELLING /add /fullname:"client" /expires:never
RUN c:\\windows\\system32\\inetsrv\\appcmd.exe unlock config \"Default Web Site\" /section:system.webServer/security/authentication/anonymousAuthentication /commit:apphost
RUN c:\\windows\\system32\\inetsrv\\appcmd.exe unlock config \"Default Web Site\" /section:system.webServer/security/authentication/windowsAuthentication /commit:apphost
RUN c:\\windows\\system32\\inetsrv\\appcmd.exe set config \"Default Web Site\" /section:system.webServer/security/authentication/windowsAuthentication /enabled:\"False\" /commit:apphost
RUN c:\\windows\\system32\\inetsrv\\appcmd.exe unlock config \"Default Web Site\" /section:system.webServer/security/authentication/basicAuthentication /commit:apphost
RUN c:\\windows\\system32\\inetsrv\\appcmd.exe set config \"Default Web Site\" /section:system.webServer/security/authentication/basicAuthentication /enabled:\"True\" /commit:apphostAnd this is in my Web.Debug.config
<security><authentication><anonymousAuthentication enabled="false" /><basicAuthentication enabled="true" /></authentication></security>
The result is that the browser indeed things build ok, but the browser opens to the site, with no Basic Auth prompt.
I've also tried a few other things in the web.config that of netted out with successfully getting the BA prompt but when I enter the password for the 'client' user above... it gets rejected.
What I'm trying to do here should be very straight forward. What works on native IIS will work on a dockerized version, I just don't even know what I'm doing with the native one.
Help appreciated!