
Windows Authentication in ASP.NET Core with Kestrel on Linux Platform


Hello,
I am not a developer, but I work with others on the implementation of Windows authentication in .NET Core on the Linux platform. Apparently, this is now possible directly with Kestrel in the version 3 preview.
So I tried, but without success. However, I followed the official MS documentation:

"https://docs.microsoft.com/fr-fr/aspnet/core/security/authentication/windowsauth?view=aspnetcore-3.0&tabs=visual-studio=aspnetcore-3.0&tabs=visual-studio"

I tried the SDK 3.0 on two Linux VMs, one running Debian 10 and the other CentOS 7.6.

I have configured my krb5.conf file correctly

I have registered my VM on my AD domain with success

I created a .NET project with the command "dotnet new webapp --auth Windows".

I added the package "dotnet add package Microsoft.AspNetCore.Authentication.Negotiate --version 3.0.0-preview6.19307.2"

I created my SPN and keytab

setspn -S HTTP/mywebservice.coolcorp.priv pocvm

setspn -S HTTP/mywebservice@COOLCORP.COM pocvm

ktpass -princ HTTP/mywebservice.coolcorp.priv@COOLCORP.PRIV -pass myKeyTabFilePassword -mapuser COOLCORP\pocvm$ -pType KRB5_NT_PRINCIPAL -out c:\temp\pocvm.HTTP.keytab -crypto AES256-SHA1

When I test my keytab with the kinit command, it works.
kinit HTTP/mywebservice.coolcorp.priv@COOLCORP.PRIV -k -t /etc/keytab/pocvm.HTTP.keytab

I do have a Kerberos ticket.

I set the location of my keytab as an environment variable.
export KRB5_KTNAME=/etc/keytab/pocvm.HTTP.keytab

I updated the startup file

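using Microsoft.AspNetCore.Authentication.Negotiate;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

namespace pocdotnet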
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.Configure<CookiePolicyOptions>(options =>
            {
                // This lambda determines whether user consent for non-essential cookies is needed for a given request.
                options.CheckConsentNeeded = context => true;
            });
            services.AddMvcCore(options =>
            {
                options.EnableEndpointRouting = false; // TODO: Remove when OData does not cause exceptions anymore
            });

            services.AddRazorPages();
            services.AddAuthentication(NegotiateDefaults.AuthenticationScheme)
                .AddNegotiate();
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Error");
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            }

            app.UseAuthentication();
            app.UseMvc();
            app.UseHttpsRedirection();
            app.UseStaticFiles();

            app.UseCookiePolicy();

            app.UseRouting();

            app.UseAuthorization();



            app.UseEndpoints(endpoints =>
            {
                endpoints.MapRazorPages();
            });
        }
    }
}

I launch my application: dotnet run

But when I display my site "mywebservice.coolcorp.priv", my username does not appear next to Hello.

Does anyone have any ideas or could they help me?
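
A pre-flight check for the keytab steps described above, as an added example that is not part of the original post: it reads the output of `klist -kte "$KRB5_KTNAME"` and confirms that the service principal the web host is expected to use is present with an AES key. The function names, return codes and the sample listing are constructed for illustration; the listing layout assumes MIT Kerberos `klist`.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Real use:
#   klist -kte "$KRB5_KTNAME" | check_keytab_listing "$(expected_spn HOST REALM)"

# expected_spn HOST REALM -> HTTP/<host>@<REALM>; the realm is upper-cased
# by convention, the host is used exactly as given.
expected_spn() {
    realm=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    printf 'HTTP/%s@%s\n' "$1" "$realm"
}

# check_keytab_listing PRINCIPAL   (klist -kte output on stdin)
# Returns 0 = principal present with an AES key
#         1 = principal not in the keytab
#         2 = principal present, but only with non-AES keys
check_keytab_listing() {
    awk -v want="$1" '
        $1 ~ /^[0-9]+$/ {                  # entry rows start with the KVNO
            for (i = 2; i <= NF; i++)
                if ($i == want) {          # principal names are case-sensitive
                    found = 1
                    if ($(i + 1) ~ /aes(128|256)-cts/) aes = 1
                }
        }
        END {
            if (!found) exit 1
            if (!aes)   exit 2
            exit 0
        }'
}

# Constructed sample listing (KVNOs and timestamps are made up). The second
# entry is a hypothetical principal that only has an RC4 key.
sample_listing() {
    cat <<'EOF'
Keytab name: FILE:/etc/keytab/pocvm.HTTP.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   3 07/01/2019 10:00:00 HTTP/mywebservice.coolcorp.priv@COOLCORP.PRIV (aes256-cts-hmac-sha1-96)
   2 07/01/2019 10:00:00 HTTP/legacy.coolcorp.priv@COOLCORP.PRIV (arcfour-hmac)
EOF
}
```

Run the check as the same user and in the same shell session that starts `dotnet run`, so it sees the same `KRB5_KTNAME` value and file permissions as the application.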

