How to pass Windows Authentication details to react application - reactjs

I have built a React web application for a client that is hosted on Windows Server 2016 in IIS (configured with Windows authentication). I can see the WWW-Authenticate Negotiate response header, and when I look at the IIS logs I can see my username in the cs-username field. Is there an easy way to pass the client user's details from the web server to the React client application so I can display a user's information, or is this going to require building a custom .NET app to handle? I'm pretty new to SSO, Active Directory and Windows Auth, so I'm looking for the easiest solution possible.

Related

How use Windows Login in Winforms application to access SAML Service Provider

I'm working with a company that has a WinForms application running on a corporate windows network. The application currently connects to a web application server that has its own private username/password store. The web app server has JSP based UIs, but also has some web services which support JWT based authentication.
The company would like to use accounts from its Windows domain to authenticate the users rather than using a separate set of usernames and passwords. The company's domain has an AD FS server and the web application is a SAML service provider.
The question is, is it possible to use the identity information from the original windows login to get a SAML token from ADFS and then use that token to talk to web services on the web application machine?
We're looking at Windows Identity Foundation built into the .net framework as a possibility. Open ID Connect also seems like a possibility, but we don't want to have to present the user a web page for them to log in; we want to use the original windows login identity information to automatically grant access to the service provider.
Is this possible?
SAML support is already built into the web application, but if necessary we could add support for OpenID Connect.
ADFS does have the ability to generate JWT tokens but sadly not for SAML.
There is no way to convert a SAML token to a JWT one that is signed.
SAML doesn't really have support for web API / web services.
WS-Fed does but it's WCF not web API.
The easiest way is to convert to OpenID Connect. That does deliver a JWT token that you can use to authenticate to a web API. You need ADFS 4.0 to do this.

Cross Domain windows authentication in Angular js application

We have created an application and a web API which are hosted in various domains (or ports). I want to integrate both Windows authentication and Forms authentication, so I need the logged-in user name in the web API.
I have added the withCredentials header in the ajax post and I am not getting the username. I have used HttpContext.Current.User to get the username. But the same works properly when the application and the web API are hosted on the same port or same domain.
Can anyone help me out?
Regards,
ganesh. k

Is there a way to link a Joomla PHP login page to a C# ASP.Net login function (will be used for SharePoint login with Basic auth)?

I'm currently developing a C# MVC Web API to act as a middleman between a Joomla 3.6 site and a SharePoint 2013 server, both installed in IIS 8.5 on Windows Server 2012 R2. Both the Joomla 3.6 site and SharePoint 2013 are already set up and functional, SharePoint has an active development site already set up, and I'm currently working on a SharePoint app/C# ASP MVC Web API to handle any requests between Joomla and SharePoint. This app handles any request, including logins (which are to be verified against Active Directory on a server), file upload/download, and searching users/documents/tags, among others. The C# app/web API endpoints are also only allowed to be called by users logged into the system, except for login.
My question becomes this, then. Put simply, is there any way I can tell the Joomla 3.6 website, when a user attempts to log in to the system (using the login page), to call my login endpoint and/or somehow authenticate with the SharePoint 2013 server? Preferably, I'd like to use my own C# login endpoint to interact with SharePoint in this case, unless that is not possible.
Thanks.
Yes, there is a mechanism provided via Joomla plugins. I've developed authentication plugins for several third party services.
You would develop a user plugin which hooks into the onAuthenticate event, allowing you to intercept and authenticate the user without them being the wiser.
If you need to add additional fields to the login form (e.g. domain), you can also hook into the onContentPrepareForm event and add, alter or remove form fields.
This is also one use-case where there is pretty decent documentation available.
https://docs.joomla.org/J3.x:Creating_a_Plugin_for_Joomla
https://docs.joomla.org/J3.x:Creating_an_Authentication_Plugin_for_Joomla
https://docs.joomla.org/Plugin/Events

OAuth2/OpenID authentication login redirect not displaying in phone Office Web app or IOS Office Web app

I'm currently trying to develop an Office web add-in, integrated in Outlook (Read and Compose).
Everything works fine, except the authentication process.
Indeed, we have to authenticate the user from within Azure AD to access another application (our own application using the Azure AD architecture, where we need to call some web APIs).
The solution I used is issued from this great article from Richard diZerega:
Connecting to SharePoint from Azure web app
This solution (we opt for the last scenario) works fine in our Desktop and Web based solution.
But it clearly doesn't work in the phone web app or the iOS app.
The problem comes from the popup window allowing the user to log in.
Actually, window.open, window.location.replace etc. don't work "as expected" in our Outlook frame.
Every time, it opens a popup window. (This is a good solution when the user uses the desktop or web Outlook application.)
I remember reading somewhere that the Office window where the plugin is loaded is a secured window where we can't do any sort of redirection.
I tried to work with ADAL.js, enabling the implicit flow of course, but the problem is the same. We need to redirect the frame to the Azure AD login page.
Finally, the question is: how to deal with an OAuth2/OpenID authentication in an Outlook web add-in when we want it to work with all kinds of devices?
Login in Adal.Js is a page redirect by default. You don't have pop up issue. Adal.Js gets idtoken initially to be used for your own back end. It also does iframe requests to get access tokens for API endpoints. Office365 APIs support CORS api requests and you can use adal.js to send requests. Tokens will be attached to the requests if you define the endpoints in the config.
You can read about examples here: https://blogs.office.com/2015/03/06/increasing-opportunities-javascript-developers-office-365-platform/
or here : http://www.andrewconnell.com/blog/adal-js-cors-with-o365-apis-files-sharepoint

how to force client(winform) application to use NTLM when calling web services

I have a WinForms application calling web services hosted in IIS. By default, the client app will use Kerberos for authentication to IIS, and it failed for some reason. But the same app works fine on another PC (with a different user login), and I found it is using NTLM by checking the IIS server event log.
Is there any way we can change the client app (WinForms) authentication type?
Thanks in advance
As per the HttpWebRequest.Credentials documentation, to restrict the request authentication to particular methods only, you need to create a new instance of the CredentialCache class, bind your credentials to the desired authentication methods and set it to the Credentials property.
Have you tried hosting the web services with Windows authentication? Then the consuming application must also use the same authentication to access the web service.
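The CredentialCache approach described in the answers above, as an added example that is not part of the original thread: the cache holds an entry for NTLM only, so the request cannot answer a Negotiate (Kerberos) challenge. The service URL is a placeholder, and the 401 branch covers the case where IIS offers only Negotiate and the NTLM-only cache has nothing to respond with.

```csharp
using System;
using System.Net;

// Added example, not code from the thread. The host name is a placeholder.
static class NtlmOnlyClient
{
    // CredentialCache keys credentials by (URI prefix, authentication type).
    // Only the schemes registered here can be used to answer a challenge.
    static CredentialCache BuildCache(Uri prefix, string scheme)
    {
        var cache = new CredentialCache();
        // Use the logged-on Windows identity, bound to the chosen scheme only.
        cache.Add(prefix, scheme, CredentialCache.DefaultNetworkCredentials);
        return cache;
    }

    static void Main()
    {
        var serviceUri = new Uri("http://iis-host.example/Service.asmx"); // placeholder
        var request = (HttpWebRequest)WebRequest.Create(serviceUri);
        request.Credentials = BuildCache(serviceUri, "NTLM");

        try
        {
            using (var response = (HttpWebResponse)request.GetResponse())
            {
                Console.WriteLine("Status: {0}", (int)response.StatusCode);
            }
        }
        catch (WebException ex)
        {
            var failed = ex.Response as HttpWebResponse;
            if (failed != null && failed.StatusCode == HttpStatusCode.Unauthorized)
            {
                // Show which schemes the server offered, to tell a scheme
                // mismatch apart from rejected credentials.
                Console.WriteLine("401; server offered: {0}",
                    failed.Headers["WWW-Authenticate"]);
            }
            else
            {
                throw;
            }
        }
    }
}
```

Pinning the client to NTLM gives up Kerberos mutual authentication, so it is better suited to diagnosing the Kerberos failure (SPN, clock skew, delegation) than to a permanent setting.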
