I have an nginx reverse proxy to a few node apps. Our users are all on a Windows domain controlled network. I'm aware I can use express-ntlm or passport-windowsauth to prompt the user for their login credentials, but that's non-integrated auth.
Is it possible to use integrated auth (windows authenticated users can bypass credentials prompt) directly from within node.js (or nginx) without IIS (or Apache)? If so, how?
I suppose we could replace nginx with IIS as the reverse proxy, but I'd like to avoid that if I can.
Integrated Windows authentication enables users to log in with their Windows credentials, using Kerberos or NTLM. The client sends credentials in the Authorization header. Windows authentication is best suited for an intranet environment.
Click on 'Security tab > Local intranet' then the 'Custom level...' button. Scroll to the bottom and select the 'Automatic logon with current user name and password' option. It's under the 'Authentication > Logon' section. Click OK to save the changes.
Integrated Windows Authentication (IWA) is a built-in Microsoft Internet Information Services (IIS) authentication protocol that can be used to automatically authenticate and sign-in a user to EMS Web App. IWA is best used on intranets where all clients accessing EMS Web App are within a single domain.
Yes, you can, there is a package called node-sspi. It only works on Windows environment though.
Windows SSPI server-side authentication for Node
NodeSSPI to Node.js is what mod-auth-sspi to Apache HTTPD. In a nutshell NodeSSPI authenticates incoming HTTP(S) requests through native Windows SSPI, hence NodeSSPI runs on Windows only.
If you need to use it for other OS, you need to develop your own node module or use Apache.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With