How to use AD Kerberos authentication for ASP.NET Core Web API (linux) inside Docker Swarm?

dmitrijz
dmitrijz used Ask the Experts™
on
Hi, I have requirement to use Kerberos authentication for ASP.NET WebAPI application deployed in Docker Swarm .NET Core linux containers. WebApi will be used by web clients with Kerberos support. Application also should be connected to active directory to subscribe and get list of all users from AD. Docker Swarm deployed on premises in the organization network. Anyone have experience with such configuration?
- What should be done to enable Kerberos authentication in the ASP.NET and its Docker linux image? Will this require 3rd party kerberos tools or it can be handled by .NET Core?
- To enable such configuration what should be configured in the SWARM cluster?
- What should be used as service principal names (SPN)? And how to get user AD Identity inside ASP.NET?
- Is it possible to use multiple container instances of the same application?
- How I could use background worker service inside SWARM cluster to sync users list with the AD database?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Step-by-Step Guide to Kerberos 5 (krb5 1.0) Interoperability
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb742433(v=technet.10)

The GSS-API Programming Guide explains the Generic Security Services Application Programming Interface -- the GSS-API. The GSS-API is a framework that allows developers to write applications that take advantage of security mechanisms such as Kerberos v5, without having to explicitly program for any one mechanism. Programs using the GSS-API therefore can be highly portable, not only from one platform to another, but from one security setup to another and from one transport protocol to another. The GSS-API provides several levels of data protection, consistent with the underlying security mechanisms that have been implemented on a system.
http://www.shrubbery.net/solaris9ab/SUNWdev/GSSAPIPG/p1.html

GSS-API InitializeSecurityContext
http://www.pinvoke.net/default.aspx/secur32/InitializeSecurityContext.html

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial