I'm considering developing a solution that is to be run in a local network (Intranet).
In order to keep track of user rights and changes done by users, it will be necessary to pick up AD session / credentials in order to provide a single sign-on solution.

How can this be solved within the EWB framework?

Br
Petter

On 12/17/2014 4:07 AM, Petter Topp wrote:
> I'm considering developing a solution that is to be run in a local network (Intranet).
> In order to keep track of user rights and changes done by users, it will be necessary to pick up AD session / credentials in order to provide a single sign-on solution.
> How can this be solved within the EWB framework?

Is the solution running in browser or are you wrapping it somehow into
an executable ?

For pure browser based solution I doubt you can do this in javascript
(EWB)  without help of some 3rd party browser plugin as this would be a
security vulnerability otherwise.

However you could host the EWB app on IIS server that requires
authentication and allows domain auth with sso (likely will only work in
IE though not sure on this part).

Raul

Raul wrote:

On 12/17/2014 4:07 AM, Petter Topp wrote:
> I'm considering developing a solution that is to be run in a local network (Intranet).
> In order to keep track of user rights and changes done by users, it will be necessary to pick up AD session / credentials in order to provide a single sign-on solution.
> How can this be solved within the EWB framework?

Is the solution running in browser or are you wrapping it somehow into
an executable ?

For pure browser based solution I doubt you can do this in javascript
(EWB)  without help of some 3rd party browser plugin as this would be a
security vulnerability otherwise.

However you could host the EWB app on IIS server that requires
authentication and allows domain auth with sso (likely will only work in
IE though not sure on this part).

Raul

Hi Raul.

1. The solution will run in a browser...
2. Do you know where I can find the steps on how to host an EWB application on IIS?

Br.
Petter

Petter,

The key with all this is that your WebBuilder application will just be
Javascript, like any other javascript application. Therefore you just
need to do a search for how to achieve what you want in javascript, and
once you have the mechanism identified, you can use that in EWB.

A quick Google for "javascript active directory authentication" shows
that it is possible in a number of ways. If you can find one that uses
a simple javascript interface, then you can call any normal .js file
from your EWB code. What you don't want is a big UI framework that does
it.

As for hosting on IIS, the EWB application is just javascript that is
fed from a web server. If you don't need to talk to any data on the
server, then it is very simple. If you need to talk to the server, then
you need to write code for it using whatever you want for the server
side. ASP.NET would be a good fit for IIS.

If you are wanting to use the EWB server for simple database purposes,
then you'd need to look into how that does authentication and write an
AD interface module.

--

Matthew Jones

On 1/5/2015 9:37 AM, Matthew Jones wrote:
> A quick Google for "javascript active directory authentication" shows
> that it is possible in a number of ways. If you can find one that uses

As i understood it he wants a single-sign on in terms of user not having
to authenticate at all in EWB app but browser/EWB app using the already
authenticated windows credentials instead (vs the other option also
called SSO in which user would still login in EWB app but would enter
their AD credentials - lot easier to do).

I know IE can do it as i've seen it myself but not with other browsers.

Raul

On 1/5/2015 8:25 AM, Petter Topp wrote:
> 2. Do you know where I can find the steps on how to host an EWB application on IIS?

EWB application itself is just a bunch of files (html, js, css) so you
would host it the same you host any web files with IIS.

If your EWB app also needs to do web service calls then you have few
options :

1. write your own IIS side web server (asp/aspx etc). Most work

2. You could in theory host a ewb web server alongside iis on some other
port (so ewb app loads from authenticated IIS session but then talks to
EWB Web Server for web services) but problem here is that you have no
easy way of authenticating the web service calls to the actual user (i
assume you want the data acces to be authenticated since your wanted the
ewb app to be authenticated)

Raul

>Raul wrote:

>On 1/5/2015 9:37 AM, Matthew Jones wrote:
>> A quick Google for "javascript active directory authentication" shows
>> that it is possible in a number of ways. If you can find one that uses

>As i understood it he wants a single-sign on in terms of user not having
>to authenticate at all in EWB app but browser/EWB app using the already
>authenticated windows credentials instead (vs the other option also
>called SSO in which user would still login in EWB app but would enter
>their AD credentials - lot easier to do).

>I know IE can do it as i've seen it myself but not with other browsers.

>Raul


Your summary is spot-on Raul, this is what I would like to accomplish.

Petter

"Matthew Jones" wrote:

>If you are wanting to use the EWB server for simple database purposes,
>then you'd need to look into how that does authentication and write an
>AD interface module.

Matthew:

As for the IIS - I was curious, since this seemed like a simple solution. Given my requirement for using a server to access data in a database, involving IIS only seems like increasing the complexity.

The web application I'm contemplating on building will use the EWB server or some other server to access a database. So you last suggestion is probably the way I will go, at least it seems like the most feasible solution...

I have worked with CMS frameworks that have solved this, and the more I think of it, it's obvious that this is done at server side.

Thank you both Matthew and Raul for pointing the direction

Writing a web application is quite challenging as opposed to writing desktop applications...

Br
Petter

Petter Topp wrote:

> Your summary is spot-on Raul, this is what I would like to accomplish.

If you need it in-browser, that's beyond me. I did look at doing
"single sign on" for an organisation for one service, but that was a
central directory check so the users had a single password across all
systems, not an automatically entered authentication. For that, I'd be
looking at what the browser offers generally, it won't be an EWB
specific thing.

--

Matthew Jones

Petter Topp wrote:

>  involving IIS only seems like increasing the complexity.

I just googled for "asp.net automatic active directory authentication"
and it suggested "apache" and a few others at the start. The answer for
this one though is interesting:


http://stackoverflow.com/questions/23374881/automatic-or-manual-active-directory-authentication-in-asp-net-mvc

Basically, a lot of sysadmins will disable Windows authentication. If
your application is for internal use, then you'd be in control of that,
but it looks like a bit of searching and working out how it all works
will help you set off on the right track.

--

Matthew Jones