As far as I know, we can't authenticate the user without entering the credentials on the browser.
@Zhi Lv - MSFT
We can do it by enabling both Windows and Anonymous authentication together.
Currently the way I have the code in my system is - basically a hybrid approach (as mentioned above), and then further following the MS docs approach mentioned in reference url I shared earlier.
services.AddTransient<IClaimsTransformation, LdapUserClaimsTransformer>();
services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate()
Problem with above approach is :
Since I have am hitting the LDAP inside "LdapUserClaimsTransformer" class and building the user claims there. And, this is called in each and every request. So, due to this it is called multiple times. And, in turn hitting the LDAP for every time and alternatively recreating the claims too. [WHICH DO NOT WANT TO DO]
I see there is approach for NegotiateHandler. However, I do not see a good sample of using it. Assuming this won't hit for every request If you can help me understand how can I implement a custom NegotiateHandler then I can may be fix this issue and remove the ClaimsTransformation thing.
About this question, might be you need to override the build in handling method to get the groups, but I didn't find it from the official document. So, I suggest you could feedback this issue by clicking the "This Product" button at the bottom
Thanks! Will do. Just one quick question. Do you by chance know - how soon we get response post submitting a feedback.
Regards,
Prashant Srivastava