Rails app, REMOTE_USER attribute in IIS 8.5 with windows authentication

Question

I have setup a IIS 8.5 server that runs a rails app using HttpPlatformHandler and Windows authentication. We have also tried using ARR as reverse proxy with same results.

This all works completely fine, users are authenticated using kerberos, and anonymous authentication is disabled, no problem there. We can deny specific users and see that it has effect.

The problem is that there is no REMOTE_USER or AUTH_USER attribute anywhere in the http response headers. However the HTTP_AUTHORIZATION header is set and is eg "Negotiate YIIHJAYGKw....".

We haven't found a reasonable way to decode the HTTP_AUTORIZATION header either.

Any form of help would be much appreciated.

Answer 1

To fix this, you need to install helicontech's ISAPI_Rewrite 3 on the server running IIS. download url is here: ISAPI_Rewrite 3.

After that navigate to the install folder, the default is C:\Program Files\Helicon\ISAPI_Rewrite3

In there you will find a file called httpd.conf, open it up and add:

RewriteBase /
RewriteCond %{REQUEST_URI} ^/.*
RewriteHeader X-Remote-User: .* %{REMOTE_USER}

Now you will be able to get the remote username in your ruby code with:

request.env['HTTP_X_REMOTE_USER']