DEV Community

Discussion on: Hosting a Node.js application on Windows with IIS as reverse proxy

View post

Replies for: how we can do window authentication for angular app that served from express application running behind proxy

Collapse
 
jesben profile image
jesben

Windows Authentication

Have tried with NodeSSPI is not working behind a reverse proxy.

URL rewrite is running before Windows authentication, so impossible to attach LOGON_USER in the header that way.

The solution here is:
ISAPI_Rewrite 3 LITE (Freeware)
helicontech.com/isapi_rewrite/down...

C:\Program Files\Helicon\ISAPI_Rewrite3\httpd.conf

RewriteBase /
RewriteCond %{REQUEST_URI} ^/.*
RewriteHeader X-Remote-User: .* %{REMOTE_USER}

E.g. for Express middleware

app.use(function (req, res, next) {
    if (req.headers.hasOwnProperty('x-remote-user')) {
        req['user'] = req.headers['x-remote-user'];
    }
    next();
});

The IIS site has Windows authentication enabled and with these providers: Negotiate, NTLM.

It gave me unfortunately these challenges when users visit the site for the first time (Tested with Chrome, Edge. In IE the error was constant)

401 
400 (X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=7f1e3067-1a02-4405-b275-000f06952bc2&SERVER-STATUS=400)

This was driving me insane, then I turned off "Negotiate" as a provider, leaving only "NTLM" back and then the error was gone!