Have tried with NodeSSPI is not working behind a reverse proxy.
URL rewrite is running before Windows authentication, so impossible to attach LOGON_USER in the header that way.
The solution here is: ISAPI_Rewrite 3 LITE (Freeware) helicontech.com/isapi_rewrite/down...
C:\Program Files\Helicon\ISAPI_Rewrite3\httpd.conf
RewriteBase / RewriteCond %{REQUEST_URI} ^/.* RewriteHeader X-Remote-User: .* %{REMOTE_USER}
E.g. for Express middleware
app.use(function (req, res, next) { if (req.headers.hasOwnProperty('x-remote-user')) { req['user'] = req.headers['x-remote-user']; } next(); });
The IIS site has Windows authentication enabled and with these providers: Negotiate, NTLM.
It gave me unfortunately these challenges when users visit the site for the first time (Tested with Chrome, Edge. In IE the error was constant)
401 400 (X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=7f1e3067-1a02-4405-b275-000f06952bc2&SERVER-STATUS=400)
This was driving me insane, then I turned off "Negotiate" as a provider, leaving only "NTLM" back and then the error was gone!
Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment's permalink.
Hide child comments as well
Confirm
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Windows Authentication
Have tried with NodeSSPI is not working behind a reverse proxy.
URL rewrite is running before Windows authentication, so impossible to attach LOGON_USER in the header that way.
The solution here is:
ISAPI_Rewrite 3 LITE (Freeware)
helicontech.com/isapi_rewrite/down...
C:\Program Files\Helicon\ISAPI_Rewrite3\httpd.conf
E.g. for Express middleware
The IIS site has Windows authentication enabled and with these providers: Negotiate, NTLM.
It gave me unfortunately these challenges when users visit the site for the first time (Tested with Chrome, Edge. In IE the error was constant)
This was driving me insane, then I turned off "Negotiate" as a provider, leaving only "NTLM" back and then the error was gone!