How to use AD Kerberos authentication for ASP.NET Core Web API (Linux) inside Docker Swarm?

Hi, I have a requirement to use Kerberos authentication for an ASP.NET Web API application deployed in Docker Swarm in .NET Core Linux containers. The Web API will be used by web clients with Kerberos support. The application should also be connected to Active Directory to subscribe to and get the list of all users from AD. The Docker Swarm is deployed on premises in the organization's network. Does anyone have experience with such a configuration?

- What should be done to enable Kerberos authentication in ASP.NET and its Docker Linux image? Will this require third-party Kerberos tools, or can it be handled by .NET Core?
- To enable such a configuration, what should be configured in the Swarm cluster?
- What should be used as service principal names (SPN)? And how do I get the user's AD identity inside ASP.NET?
- Is it possible to use multiple container instances of the same application?
- How could I use a background worker service inside the Swarm cluster to sync the user list with the AD database?
dmitrijz Asked:

hilltop Commented:
Step-by-Step Guide to Kerberos 5 (krb5 1.0) Interoperability
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb742433(v=technet.10)

The GSS-API Programming Guide explains the Generic Security Services Application Programming Interface -- the GSS-API. The GSS-API is a framework that allows developers to write applications that take advantage of security mechanisms such as Kerberos v5, without having to explicitly program for any one mechanism. Programs using the GSS-API therefore can be highly portable, not only from one platform to another, but from one security setup to another and from one transport protocol to another. The GSS-API provides several levels of data protection, consistent with the underlying security mechanisms that have been implemented on a system.
http://www.shrubbery.net/solaris9ab/SUNWdev/GSSAPIPG/p1.html

GSS-API InitializeSecurityContext
http://www.pinvoke.net/default.aspx/secur32/InitializeSecurityContext.html
