Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is it possible to use Windows integrated auth without IIS?

I have an nginx reverse proxy to a few node apps. Our users are all on a Windows domain controlled network. I'm aware I can use express-ntlm or passport-windowsauth to prompt the user for their login credentials, but that's non-integrated auth.

Is it possible to use integrated auth (windows authenticated users can bypass credentials prompt) directly from within node.js (or nginx) without IIS (or Apache)? If so, how?

I suppose we could replace nginx with IIS as the reverse proxy, but I'd like to avoid that if I can.

like image 546
David Budiac Avatar asked Apr 08 '16 16:04

David Budiac


People also ask

What happens when Windows Integrated authentication is used?

Integrated Windows authentication enables users to log in with their Windows credentials, using Kerberos or NTLM. The client sends credentials in the Authorization header. Windows authentication is best suited for an intranet environment.

How do I enable integrated Windows authentication on Chrome?

Click on 'Security tab > Local intranet' then the 'Custom level...' button. Scroll to the bottom and select the 'Automatic logon with current user name and password' option. It's under the 'Authentication > Logon' section. Click OK to save the changes.

What is Integrated Windows authentication in IIS?

Integrated Windows Authentication (IWA) is a built-in Microsoft Internet Information Services (IIS) authentication protocol that can be used to automatically authenticate and sign-in a user to EMS Web App. IWA is best used on intranets where all clients accessing EMS Web App are within a single domain.


1 Answers

Yes, you can, there is a package called node-sspi. It only works on Windows environment though.

Windows SSPI server-side authentication for Node

NodeSSPI to Node.js is what mod-auth-sspi to Apache HTTPD. In a nutshell NodeSSPI authenticates incoming HTTP(S) requests through native Windows SSPI, hence NodeSSPI runs on Windows only.

If you need to use it for other OS, you need to develop your own node module or use Apache.

like image 130
Shanoor Avatar answered Oct 15 '22 06:10

Shanoor