2
votes

My application is an Angular 2+ SPA, which uses Azure Active Directory, and the back end API is implemented in Node JS. Currently, when a user tries to log in, an Azure pop-up appears, the user enters login/password which gets authenticated in AD, and AD returns a bearer token which I use to authenticate to the Node JS API.

My requirement is to use Integrated Windows Authentication (IWA). The front end should use Windows authentication to get the bearer token from AD instead of asking the user to enter login/password. How can I do that? Whatever articles I see about this all talk about IIS and .NET based applications. Should I always use a .NET based API to use Windows Authentication? Any hints would be greatly appreciated.

Just a note, the API is an enterprise application hosted in the cloud. All the users are internal company employees and are registered with AD.

1
Are users logged in with Azure AD, or your organisation AD? – Russell
They use organisation AD, but the organisation AD and Azure AD are in sync. – kanagaraj palanisamy
Added some details, hope they are helpful. – Russell

1 Answer

1
votes

Given you already have Azure AD sync set up, the following may be useful. AAD Connect allows you to seamlessly log in with SSO: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-sso

Azure services don't support Windows Authentication, unless you set up a VM with IIS. I assume your requirement "...get the bearer token instead of asking user to enter login/password" means single sign-on. That is, when a user is logged into the domain on their PC, they don't have to log in again to your application.

There are a few ways to approach this depending on your AD configuration, but usually you have to configure ADFS for your organisation AD to allow your cloud app to authenticate you. If you are already logged in, it will simply redirect you and your app will receive the bearer token. https://azure.microsoft.com/en-au/resources/videos/configuring-ad-fs-for-user-sign-in-with-azure-ad-connect/

Another option is to connect your organisation AD with Azure AD, using Azure AD sync. The following link helps with this. You would then configure your app to authenticate against Azure AD (as it currently does). https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/identity/azure-ad

AD configuration is not a simple configuration,