I'm a full stack developer not bound to one technology stack. I love technical challenges and am interested in all parts of development: analysis, architecture, coding, testing, deployment, ...
I have created an angular 2 application. Now, these are the requirements for windows authentication.
1) If any user within the organization access this application, he should not get the login prompt and should be able to login directly into the application.
2) If any specific user within the organization tries to access the application, then he should get the specific role(Like admin, Manager) and able to login directly.
3) If any user outside the organization tries to access the application, he should get the login prompt.
Backend will also play the significant role. I have created rest API using node js and express. So will this passport package help in my case? I have implemented the passport.js on my node js rest API, but now how to validate that thing on the angular side.
I hope this text helps you to understand my query.
I'm a full stack developer not bound to one technology stack. I love technical challenges and am interested in all parts of development: analysis, architecture, coding, testing, deployment, ...
I don't have experience with Windows Authentication in combination with passport.js. There are a lot of frameworks and parts you're mentioning so it is difficult to solve this in a simple reply. There is an NPM package which mentions passing the user from IIS to node but that uses iisnode: npmjs.com/package/passport-windows.... So I guess you need to find a way for IIS to pass that the user to node running via pm2. Let me know if you find a solution.
how we can do window authentication for angular app that served from express application running behind proxy
It's hard for me to point you in the right direction. Can you give some more information what exactly goes wrong? Do you have an error message?
I have created an angular 2 application. Now, these are the requirements for windows authentication.
1) If any user within the organization access this application, he should not get the login prompt and should be able to login directly into the application.
2) If any specific user within the organization tries to access the application, then he should get the specific role(Like admin, Manager) and able to login directly.
3) If any user outside the organization tries to access the application, he should get the login prompt.
Backend will also play the significant role. I have created rest API using node js and express. So will this passport package help in my case? I have implemented the passport.js on my node js rest API, but now how to validate that thing on the angular side.
I hope this text helps you to understand my query.
I don't have experience with Windows Authentication in combination with passport.js. There are a lot of frameworks and parts you're mentioning so it is difficult to solve this in a simple reply. There is an NPM package which mentions passing the user from IIS to node but that uses iisnode: npmjs.com/package/passport-windows.... So I guess you need to find a way for IIS to pass that the user to node running via pm2. Let me know if you find a solution.
Windows Authentication
Have tried with NodeSSPI is not working behind a reverse proxy.
URL rewrite is running before Windows authentication, so impossible to attach LOGON_USER in the header that way.
The solution here is:
ISAPI_Rewrite 3 LITE (Freeware)
helicontech.com/isapi_rewrite/down...
C:\Program Files\Helicon\ISAPI_Rewrite3\httpd.conf
E.g. for Express middleware
The IIS site has Windows authentication enabled and with these providers: Negotiate, NTLM.
It gave me unfortunately these challenges when users visit the site for the first time (Tested with Chrome, Edge. In IE the error was constant)
This was driving me insane, then I turned off "Negotiate" as a provider, leaving only "NTLM" back and then the error was gone!