When you start developing a new eSpace module, by default, it already contains logic to perform end-user authentication. The OutSystems Platform supports three distinct authentication modes out of the box: Internal, Active Directory, LDAP:

By default, Internal authentication is performed.

Authentication Flow

When the user enters the application for the first time, if the screen being accessed only allows authenticated users to see it, then a security exception is raised. The following authentication process is followed:

  1. If the platform is configured to use Windows Integrated Authentication and the end-user is inside the internal network, the user is authenticated using Windows Integrated authentication. Once the user makes a request, the server replies with an HTTP 401 status, signaling to the end-user browser that authentication is required.
    If the browser already has the end-user credentials stored, it automatically sends the credentials to the web server. Otherwise, the browser displays a form for the user to input the credentials and sends them to the server. This means that even if you have a custom Login page, the end-user will not see it. Learn more About Integrated Authentication.

  2. If the platform is not configured to use Windows Integrated Authentication, the user is redirected to a Login screen. When the user submits the credentials:
    1. The credentials are validated against the OutSystems Platform database;
    2. If the platform is configured to authenticate using Active Directory, the credentials are validated against the domain server configured;
    3. If the platform is configured to authenticate using LDAP, the credentials are validated against the LDAP server configured.

If after this process the user could not be authenticated, then an 'Invalid Login' message is displayed to the end-user.

See Also

About End-User Management | Configuring End-User Authentication