I implemented SSO with NTLM and pass-through, and it works if our client has joined the domain. In our code we check whether there is an "Authorization" header in the request headers. The problem is:

  1. If our client has joined the domain, then in our application I receive the Authentication header, which contains NTLM ...

  2. If our client has not joined the domain and logs in by keying in the username and password, no Authorization header is received, so I cannot authorize them.

My question is: how can I make all clients send the Authorization header all the time, even if they have not joined the domain?

A: 

If the "Authorization" header is missing from the request, you should respond with HTTP status 401 along with a "WWW-Authenticate" response header to force clients to log in and send the "Authorization" request header.

Purush Rudrakshala
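
The challenge step from the answer, as an added example that is not part of the original post or the asker's application: a request without a usable `Authorization` header gets a 401 with `WWW-Authenticate: NTLM`, and an NTLM token is classified by its message type before being passed on. The names `handle_request`, `classify_authorization` and `SAMPLE_TYPE1` are hypothetical, the sample token is constructed, and finishing the handshake is assumed to stay with the existing NTLM code.

```python
import base64
import struct

NTLM_SIGNATURE = b"NTLMSSP\x00"  # every NTLM message starts with these 8 bytes
NTLM_TYPES = {1: "negotiate", 2: "challenge", 3: "authenticate"}
CHALLENGE = {"WWW-Authenticate": "NTLM"}

# Constructed sample: a minimal Type 1 (negotiate) message with zeroed flags.
SAMPLE_TYPE1 = "NTLM " + base64.b64encode(
    NTLM_SIGNATURE + struct.pack("<II", 1, 0)).decode()


def classify_authorization(value):
    """Return (scheme, NTLM message type name or None) for a header value."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token.strip():
        return scheme, None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "NTLM", None
    if len(raw) < 12 or not raw.startswith(NTLM_SIGNATURE):
        return "NTLM", None
    (msg_type,) = struct.unpack_from("<I", raw, 8)  # little-endian uint32
    return "NTLM", NTLM_TYPES.get(msg_type)


def handle_request(headers):
    """Return (status, response_headers, note); status None means the
    request carries an NTLM message for the existing handler to process."""
    auth = next((v for k, v in headers.items()
                 if k.lower() == "authorization"), None)
    if auth is None:
        # Nothing offered yet: the 401 challenge makes the client prompt
        # for credentials (or use the logon session) and retry.
        return 401, dict(CHALLENGE), "challenge sent"
    _, msg = classify_authorization(auth)
    if msg is None:
        return 401, dict(CHALLENGE), "unusable header, challenge re-sent"
    return None, {}, f"pass NTLM {msg} message to the NTLM handler"


if __name__ == "__main__":
    for hdrs in ({"Host": "app.example"},
                 {"Authorization": "Basic dXNlcjpwdw=="},
                 {"Authorization": SAMPLE_TYPE1}):
        print(handle_request(hdrs))
```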