5

I have created an angular 2 application. Now, these are the requirements for windows authentication.

1) If any user within the organization access this application, he should not get the login prompt and should be able to login directly into the application.

2) If any specific user within the organization tries to access the application, then he should get the specific role(Like admin, Manager) and able to login directly.

3) If any user outside the organization tries to access the application, he should get the login prompt.

Edit: Backend will also play the significant role. I have created rest API using node js and express. So will this passport package help in my case? I have implemented the passport.js on my node js rest API, but now how to validate that thing on the angular side.

Any help will be appreciated and bounty awarded.

Improve this question
5
  • Why do you think it doesn't matter what backend you do and how do you think JS in the browser is going to interact with windows auth without some sort of backend? Are you using WinJS or something else that gives your application access to system level information outside of the browser context? Commented Nov 29, 2017 at 19:25
  • @shaunhusain Edited the question... Commented Nov 29, 2017 at 19:30
  • 1
    yup that linked package looks like it will help you as it seems you've realized ultimately you just need to tap into active directory somehow to get this data the angular side will be as though authentication is happening through any other system really. If you want to protect all the client code (typically not necessary usually data is what matters) you can restrict that in the node server config but typically good enough to check from the client to see if auth is allowed and make sure the server denies requests based on checking AD privileges for the user. Commented Nov 29, 2017 at 19:34
  • 1
    The difficult part here will be how to determine from the info the client sends which AD user they are... there will be complications but I think that's the right direction or thought process at least. Commented Nov 29, 2017 at 19:35
  • Thanks, @shaunhusain , I have implemented this passport.js in my nodejs rest api. But Do you know, How can I use those validations on the angular side? Commented Dec 1, 2017 at 4:50

1 Answer 1

Reset to default
5
+25

For this to work the back-end will be your primary point of call, passport.js (Implemented in your node.js not your client) will allow you to do a lot of the heavy lifting but will still require some fundamental changes to your web server.

You are looking to implement IWA (Integrated Windows Authentication) here, if you wish your client to know which roles the user has the way I would suggest would be to create a API on the server side that returns these variables as part of its response (then take them and store them somewhere for your angular2 to use).

For example you could have /authCheck return { role: [], username: "Username" } and if the user is not authenticated return a 401. This way if the passthrough IWA fails you can handle the 401 response by directing a user to the login page.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.