Integrated Security

Hi!

I've checked all documentation, all forums, and still no answer to this...
How can I validate login from Windows environment, not from database?
That is, a user logs in the system (Windows) and in the OutSystems application automatically, with his Active Directory login/pw. Then, he wants to logout so another user can login again in the same application without restarting the system.
So, a login screen is displayed, where the 2nd user can input his login/pw. How can this 2nd login/pw be validated from the system, not from the OutSystems application database?
I believe it's done through the Integrated Security action, but I can't find how that is done.
Can you help me?

Thanks

Hi Fernando!

From what I understood from your post, you want to achieve 2 different logins:
- automatic login, based on the Windows credentials of the user session
- login validating username and password against active directory / NTLM

For the first one you need to place an entry point in your application that requires “Integrated Authentication”. That screen will have to be accessible to anonymous users. In the Preparation Action of that screen you will use the “IntegratedSecurityGetDetails” action to verify the user’s domain and username (take a look at the Service Studio help page for integrated authentication). Then you’ll use the Login action to log in the user, without a password. (You still need to create the user.)

Regarding the latter scenario, in order to allow a login for a user different from the one that is currently logged in to Windows, you will need to place a different entry point where you would ask the user for username and password; you’d then need to validate it against an Active Directory or Domain Server, possibly using an LDAP extension. Then you would proceed as in scenario 1, creating and logging in the user (without password). If you implement scenario 2, I’d also recommend that you use SSL for the login screen, so that username and password are not sent in clear text.

I hope this helps.

Frederico

Frederico

Thanks for your reply.
I could manage all the points you wrote... except one... and that's exactly what I meant in my question. I'm sorry if I didn't explain my main doubt correctly.
The one I couldn't get is the validation against LDAP.
You say: "you’d then need to validate it against an Active Directory or Domain Server, possibly using an LDAP extension" - How can that be done?

Fernando

Fernando:

We use an LDAP extension that we have built as a generic LDAP interface.

I have attached it to my post. I also included a test OML that allows you to login the application using a validation in the domain (please note that the server must be a part of the domain in order to validate the login). The login also creates the user in the database and logs it in using the Login Built-in action.

This allows you to use the password validation from the LDAP/AD and still use the permission areas and all application security from Hub Edition. When the user logs back in, all you have to do is find it by username in the DB, check the password with the LDAP extension and, if it is successful, log it in the application directly.

Please note that this extension is not supported by OutSystems. If you have problems using it please refer to the forums and we will do what we can to help you out.

I hope this solves your problem!
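
The password check discussed in this thread (validating a typed username and password against Active Directory over LDAP) can be sketched as below. This is an added example, not part of the thread and not the attached extension's code; the class and method names and the host and user values are hypothetical, and it assumes a .NET extension with `System.DirectoryServices.Protocols` available and a domain controller reachable over LDAPS.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

// Added example; class, method and parameter names are hypothetical.
public static class DirectoryLogin
{
    const int LdapInvalidCredentials = 49; // LDAP resultCode invalidCredentials

    // Returns true only if the directory accepts userPrincipalName/password.
    public static bool Validate(string ldapHost, string userPrincipalName, string password)
    {
        // A simple bind with an empty password is an "unauthenticated bind"
        // (RFC 4513, section 5.1.2) that a server may report as success,
        // so blank input is rejected before the directory is contacted.
        if (string.IsNullOrWhiteSpace(userPrincipalName) || string.IsNullOrEmpty(password))
            return false;

        var server = new LdapDirectoryIdentifier(ldapHost, 636); // LDAPS port
        using (var conn = new LdapConnection(server))
        {
            conn.AuthType = AuthType.Basic;               // LDAP simple bind
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true; // password travels inside TLS
            conn.Timeout = TimeSpan.FromSeconds(10);
            try
            {
                conn.Bind(new NetworkCredential(userPrincipalName, password));
                return true;
            }
            catch (LdapException ex) when (ex.ErrorCode == LdapInvalidCredentials)
            {
                return false; // wrong user name or password
            }
            // Any other LdapException (server unreachable, TLS failure)
            // propagates, so an outage is never mistaken for a valid login.
        }
    }

    public static void Main(string[] args)
    {
        // Constructed sample values; pass the password as the first argument.
        bool ok = Validate("dc01.example.local", "fernando@example.local",
                           args.Length > 0 ? args[0] : "");
        Console.WriteLine(ok ? "credentials accepted" : "credentials rejected");
    }
}
```

Only when `Validate` returns true should the application go on to find or create the user record and call the built-in Login action without a password.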


Hi all,

I'd just like to add that those of you using Windows Authentication can find more information about it in the OutSystems Service Studio help file, topic Handling Security/Integrated Authentication.

Enjoy,

Carlos

Thanks Miguel
That works!

Fernando