Good afternoon. Haproxy 2.0.5.
When trying to authenticate using negotiate (kerberos / ntlm) in a web application (ASP.Net Core, kestrel), a 401 error occurs.
Client - Windows, domain authentication. haproxy and application server - Linux Debian 9.
Client -> Application Server = 200 (ok).
Client -> haproxy -> Application Server -> 401. If you don’t use authentication, then no problem, balancing works.
There is also IIS. For him, it was required to specify first NTLM, then Kerberos in authentication in applications. When kerberos was the first, there was also a 401 error.
What about kestrel? The asp.net core app uses transparent Windows authentication, the nuget package Microsoft.AspNetCore.Authentication.Negotiate is installed.
The authentication scheme is configured to use Negitiate. Through haproxy - 401. A browser window appears with a proposal to enter a login, password, domain. None of the right combinations work. Different browsers - Firefox, Chrome, IE11.
Keeping in mind the problems with IIS (401), I understand that it is necessary to switch to NTLM on the Linux application server. But I don’t know how to do it. What needs to be done with haproxy for Negotiate to work?
I tried to access kestrel directly through haproxy, and through the nginx open proxy server. There is no difference - 401.