ASP.NET Core: How can I specify credentials for Windows authentication in connection string?

  amazon-web-services, asp.net, kerberos, windows

I’m developing an ASP.NET Core 5.0 web API, and my plan is to deploy it to AWS Lambda. In order to do this, I need to containerize the API using the AWS Lambda .NET 5.0 base Docker image which is a Linux image. Unfortunately, this means that Windows authentication for my database doesn’t work within the container since it’s Linux, so I always get an error saying:

Cannot authenticate using Kerberos. Ensure Kerberos has been initialized on the client with ‘kinit’ and a Service Principal Name has been registered for the SQL Server to allow Kerberos authentication.

This happens every time I attempt to reach an endpoint of the API that connects to my Microsoft SQL Server database. I’ve tried looking into enabling Kerberos in my container, but everything I have tried hasn’t worked for me. I’ve tried doing this by adding the lines:

ENV DEBIAN_FRONTEND=noninteractive

RUN apt-get -qq update && \
    apt-get -yqq install krb5-user libpam-krb5 && \
    apt-get -yqq clean

to my Dockerfile to install Kerberos, but I still run into the same problem. So that brings me to my actual question (unless someone can advise on getting Kerberos to work). I’ve decided it would be easiest if I could somehow specify my Windows authentication credentials in the application so that my API in the container could just use that to authenticate. I have to use Windows authentication (I don’t have the option to set up conventional authentication), so at this point this seems like the best solution. Is it possible to do this?

I’ve already tried to set up identity impersonation in my .csproj file, but my project failed to load after adding the lines:

<system.web>
  <authentication mode="Windows"/>
  <identity impersonate="true" userName="foo" password="bar"/>
</system.web>

Maybe that’s on the right track but I’m doing it incorrectly? It seems I can’t just specify the User ID and Password in the connection string either because that isn’t ever used for Windows authentication from what I can tell. Any advice would be much appreciated!

Source: Windows Questions
