79383430

Date: 2025-01-24 06:36:33
Score: 8 🚩
Natty:
Report link

Did anyone find a proper solution for this. I have nearly the same setup

FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS base

# Temporär als Root arbeiten, um Bibliotheken zu installieren
#USER root

WORKDIR /app

# Installiere die Bibliothek und Tools für Kerberos-Authentifizierung
RUN apt-get update && apt-get install -y libkrb5-3 libgssapi-krb5-2 krb5-user krb5-config
RUN apt-get update && apt-get install -y libsasl2-modules-gssapi-mit libsasl2-modules gss-ntlmssp
RUN apt-get update && apt-get install -y iputils-ping dnsutils telnet ldap-utils
RUN rm -rf /var/lib/apt/lists/* 

# Kopiere die Kerberos-Konfiguration und Keytab-Dateien
COPY ["Brit/krb5.conf", "/etc/krb5.conf"]
COPY ["Brit/brit.keytab", "/etc/krb5.keytab"]

# Setze Umgebungsvariablen für Kerberos
ENV KRB5_CONFIG=/etc/krb5.conf
ENV KRB5_KTNAME=/etc/krb5.keytab
ENV KRB5CCNAME=/tmp/krb5cc_0

# Setze Keytab-Datei auf sichere Berechtigungen
RUN chmod 600 /etc/krb5.keytab \
    && chown ${APP_UID:-1000}:${APP_GID:-1000} /etc/krb5.keytab

# Wechsle zurück zum Nicht-Root-Benutzer
USER $APP_UID

EXPOSE 8080
EXPOSE 8081

FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
ARG BUILD_CONFIGURATION=Release
WORKDIR /src
COPY ["Brit/Brit.csproj", "Brit/"]
COPY ["ApplicationModels/ApplicationModels.csproj", "ApplicationModels/"]
COPY ["KeyTechServices/KeyTechServices.csproj", "KeyTechServices/"]
COPY ["StarfaceServices/StarfaceServices.csproj", "StarfaceServices/"]
RUN dotnet restore "Brit/Brit.csproj"
COPY . .
WORKDIR "/src/Brit"
RUN dotnet build "Brit.csproj" -c $BUILD_CONFIGURATION -o /app/build

FROM build AS publish
ARG BUILD_CONFIGURATION=Release
RUN dotnet publish "Brit.csproj" -c $BUILD_CONFIGURATION -o /app/publish /p:UseAppHost=false

FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "Brit.dll"]

and als my project looks nearly the same

using Brit.Components;
using Brit.Services;
using KeyTechServices.Extensions;
// using KeyTechServices.Services;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Negotiate;
using MudBlazor.Services;
using StarfaceServices.Extensions;
using StarfaceServices.Services;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddMemoryCache();

// Add windows based authentication
builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme)
    .AddNegotiate();

// Add basic authorization
builder.Services.AddAuthorization(options => { options.FallbackPolicy = options.DefaultPolicy; });

// Add MudBlazor services
builder.Services.AddMudServices();

// Add services to the container.
builder.Services.AddRazorComponents()
    .AddInteractiveServerComponents();

// Add Cascading Authentication State
builder.Services.AddCascadingAuthenticationState();

// Add claims transformation
builder.Services.AddSingleton<IClaimsTransformation, ClaimsTransformationService>();

// Logging im HttpClient anpassen
builder.Logging.AddFilter("System.Net.Http.HttpClient", LogLevel.Warning);
builder.Logging.AddFilter("System.Net.Http", LogLevel.Warning);


builder.Services.AddHttpClient<StarfaceWebApiService>(client =>
    {
        client.BaseAddress = new Uri("http://srv-pbx/rest/");
    })
    .AddHttpMessageHandler<StarfaceAuthTokenHandler>();

builder.Services.AddScoped<StarfaceAuthTokenHandler>();


builder.Services.AddHttpContextAccessor();
builder.Services.AddKeyTechServices();
builder.Services.AddStarfaceServices();
builder.Services.AddTransient<ActiveDirectoryService>();
builder.Services.AddTransient<ThumbnailService>();
builder.Services.AddTransient<EmailService>();

var app = builder.Build();



// Configure the HTTP request pipeline.
if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Error", true);
    // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
    app.UseHsts();
}

// Reihenfolge ist wichtig!
// app.UseHttpsRedirection();
app.UseStaticFiles();
// app.UseAuthentication(); // Fügen Sie dies hinzu
// app.UseAuthorization();
app.UseAntiforgery();
app.MapRazorComponents<App>()
    .AddInteractiveServerRenderMode();

app.Run();

kerberos authorization with

kinit -kt /etc/krb5.keytab HTTP/[email protected]

and

klist

works, so I think this is not the issue. When I start the app without the docker container on my desktop it works like a charm.

Does anyone have a solution for this?

Reasons:
  • RegEx Blacklisted phrase (3): Did anyone find a
  • RegEx Blacklisted phrase (3): Does anyone have a solution
  • Long answer (-1):
  • Has code block (-0.5):
  • Ends in question mark (2):
  • Starts with a question (0.5): Did anyone find a
  • Low reputation (1):
Posted by: wenndemann