[英]How to use currently logged in Windows Active Directory user to login to a web app?
I want to use the current logged in Windows AD account to authenticate with my web app.我想使用当前登录的 Windows AD 帐户对我的 Web 应用程序进行身份验证。 It's fine (desired, actually) to have the front end pass the authentication token (or whatever form that takes in AD) to the back end for validation with our SSO provider.让前端将身份验证令牌(或 AD 中采用的任何形式)传递给后端以与我们的 SSO 提供程序进行验证是很好的(实际上是希望的)。 But how do I get the AD information into the front end, so that it can be passed the back end?但是,我怎么取得广告信息到前端,使之可以通过后端? What does this info look like, how is it acquired, etc?这些信息是什么样的,它是如何获得的,等等? I can't find any tutorials or guidance on the topic.我找不到有关该主题的任何教程或指南。
I know this is possible because I see it being done on other web apps, but I don't know how to do it myself and am having a very hard time finding a solution.我知道这是可能的,因为我看到它在其他网络应用程序上完成,但我不知道如何自己做,并且很难找到解决方案。
If you want seamless login (so the user doesn't have to type in their username/password) then you will want Windows Authentication.如果您想要无缝登录(因此用户不必输入他们的用户名/密码),那么您将需要 Windows 身份验证。 You can read about how it works here .您可以在此处阅读它的工作原理。
To make this work with Node.js Express you can use the NodeSSPI package.要使用 Node.js Express 进行这项工作,您可以使用NodeSSPI包。 The documentation has examples on how to use it.该文档包含有关如何使用它的示例。
The browser will also have to trust your site before it will send credentials automatically.浏览器还必须先信任您的站点,然后才能自动发送凭据。 For IE and Chrome, that means adding the site to the list of Trusted Sites in the Internet Options.对于 IE 和 Chrome,这意味着将站点添加到 Internet 选项中的受信任站点列表。 Firefox keeps its own list in the network.automatic-ntlm-auth.trusted-uris
setting in about:config Firefox 在 about:config 的network.automatic-ntlm-auth.trusted-uris
设置中保留自己的列表
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.