tags:

views:

700

answers:

1
+1  Q: 

Get Windows Authentication Token Using Javascript to have Integrated Security (NOT using IIS)

I want to authenticate users on a web application. The users are already logged into their Windows Network. Notice, this is NOT Internet Information Server. I have a Java Application Server on the other side. Is there a way using Javascript or something, so that a Windows Authentication can be taken, then sent to the server, and on the server, that token being validated (assuming the server is on the same network). I have found that you can convert a token into a Windows Principal So I need the Client part. A way to send that token to the server.

Any ideas?

+1  A: 

If you setup your Java web application to support NTLM authentication, e.g. by using the HttpServletFilter from the Samba Java library, this should work without implementing any client side JavaScript.

Depending on which browser the client is using, you may however have to configure the browser to enable NTLM authentication against you server. If I'm not wrong, IE is by default configured to allow transparent NTLM authentication against servers on the local network, but in Firefox, you have to enable NTLM for each specific server address.

jarnbjo  2009-10-02 16:07:39
Imagine you cannot change the application to support NTLM. Do you think of an other way of doing it?I'm actually wanting to see if there is some Javascript way to catch the Windows Token using Javascript. The fact is that our application allows us to create a SSO provider, that we have already created, in Microsoft C++ and we could convert that token into a Windows Principal, and then later decide if it is authenticated or not.
Luis Lobo Borobia  2009-10-02 16:51:45

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security