Kerberos is a beast. No, not Cerberus the mythical 3-headed dog. We’re talking about the protocol that phonetically shares the same name. It’s been the source of multiple headaches, whether it be IIS configuration on the service machine or trusted sites configuration on the client machine. We’re going to shed some light on this issue and make kerberos negitiation available when you’re application is not running on IIS and even when it’s not running on Windows.
This has been a long time coming, but it’s finally here. The oldest issue that was tagged for 2.0 was from March 2018. There are a few issues that are pending that might make the release, but we are in 2.0.5-RC at the time of this writing and the release is looking pretty good.
Background So, as previously published, my day job is at an enterprise. At this enterprise, one of my responsibilities is a security package that is used by our main web application. This web application is a legacy ASP.Net application and is maintained by another team, which I used to be a part of. Plans are…
If you want to host a SOAP service using transport layer security or mixed security, the bindings can be quite picky. They want to have the security be end-to-end. This can make things tricky when trying to do things like SSL termination in a load-balancer.
If you want to host a WCF service in AspNetCore and don’t mind running on .Net Framework, check out Solid.AspNetCore.Extensions.Wcf on Nuget.