Windows authentication not working via console

[cbrown11]

I'm managed to get the windows authentication to work fine using MVC (OpenID Connect ) and via java script (return a token and then to validate and return claims). Though I'm failing when calling it from a simple console app client. I'm getting the "invalid_client" and no token provided. Even with the client example that has been provided.

 static void Main(string[] args)
        {
            var handler = new HttpClientHandler{
                UseDefaultCredentials = true
            };
            var oauthClient = new OAuth2Client(new Uri("https://localhost:44333/connect/token"), handler);
            var result = oauthClient.RequestCustomGrantAsync("windows").Result;
        }

which sort of make sense, as no clientId is provided. Therefore I added a clientId with a secret and now getting the error "unsupported_grant_type".

 static void Main(string[] args)
        {
            var handler = new HttpClientHandler{
                UseDefaultCredentials = true
            };
            var oauthClient = new OAuth2Client(new Uri("https://localhost:44333/connect/token"), "K2", "secret", handler));
            var result = oauthClient.RequestCustomGrantAsync("windows").Result;
        }

So what am I doing wrong for it not to return token? Is there some specific I need to setup on the Client configuration?

[leastprivilege]

Have your enabled logging? Have you registered a handler for the Windows grant type?

[leastprivilege]

Solved?

[arkoc]

Same issue here.

How should I register a handler for windows grant type ?

Here is my code in IdentityServer App.

 var options = new IdentityServerOptions
            {
                SiteName = "IdentityServer",
                SigningCertificate = LoadCertificate(),
                Factory = factory,
                AuthenticationOptions = new AuthenticationOptions
                {
                    EnableLocalLogin = false,
                    IdentityProviders = ConfigureIdentityProviders
                }
            };

            app.UseIdentityServer(options);

and ConfigureIdentityProviders function

    private void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
        {
            var wsFederation = new WsFederationAuthenticationOptions
            {
                AuthenticationType = "windows",
                Caption = "Windows",
                SignInAsAuthenticationType = signInAsType,

                MetadataAddress = Components.Urls.WindowsAuthService,
                Wtrealm = "urn:idsrv3"
            };
            app.UseWsFederationAuthentication(wsFederation);
        }

[arkoc]

Already solved. I didn't get that I should write custom grant validator for "windows" grant type. If someone interested here is my version of Custom Grant Type Validator.

https://gist.github.com/arkoc/c4a86b20eca2e27065145ee4a47fb644

[leastprivilege]

Thanks!

Would you be interested in writing a blog post about that? This way we could link that from our docs and help other people that run into the same problems?

[arkoc]

Yes, of course. I already started it. ( When it will be done I will post link here )

[leastprivilege]

thanks!

[arkoc]

Here it is: http://codepool.me/IdentityServer3-with-custom-grant-flow-and-windows-authentication/

[leastprivilege]

thanks! I added it our docs.

[felipeloest]

First i would like to thank you all for the guidance, @arkoc Could you be so kind to host the images at the same domain? Big companies firewall don't like much "imgur.com". Thank you.

[arkoc]

@felipeloest Done. I updated blog post.