Combining Authentication Methods - Windows Integrated, Active Directory & Outsystems

Combining Authentication Methods - Windows Integrated, Active Directory & Outsystems

  

We are building an application that can be used by company users (In their work computers or not) and non-company users.

We want to use three methods of authentication:

Windows Integrated Authentication: A company user on his work computer, should automatically be logged in without being prompted for credentials.

AD Authentication: A company user not on his work computer. Has to login using his credentials.

Outsystems Authentication: A non-company user. Has to login using his outsystems credentials.

The server we are using is a on-premises environment in the same domain as the company users. We have Windows Server 2012, IIS 8 and Outsystems 10.

At this time we are able to either have Active Directory and Outsystems Authentication, or Windows Authentication, but not all at once.

Problems:

  • When Windows Integrated Authentication is enabled, the user is prompted to enter his credentials, instead of logging in automatically. This happens even though the Windows user is clearly logged in.
  • When Windows Integrated Authentication is enabled, if the user decides not to enter his credentials, clicks cancel, he is redirected to a IIS page (401 - Unauthorized) instead of the login page.

Figure: Windows Authentication prompt.


Basically, we want a login flow that checks if the Windows user is registered in the Active Directory, if he is then log the user in the application, if he is not, then redirect to a normal login page, not showing the above prompt.

Does anyone know how this could be achieved?


Best Regards,

João


Greetings João Mateus

I've just saw your post now. Perhaps the browser you tested this with isn't sending the information about the authenticated user for security reasons. If you are using Internet Explore you can you try these instructions: http://www.outsystems.com/forums/discussion/7321/windows-integrated-authentication/#Post21247.


Best Regards