Reputation: 595
I've asked a similar question in the past: Understanding ADFS Login With Windows Native WPF Client, and I seem to have a better understanding of how to authenticate with Active Directory ADFS from a native WPF Windows application (I can use the ADAL libraries), but I'm still out of the loop on how I would transfer that authentication to a remote server (a NodeJS server).
I've also discovered I can do something like this so that the native WPF application can find out which user is currently logged on, and by using this, the WPF app knows that the user is legit since they're logged on to their Windows account.
using System;                                     // Environment
using System.DirectoryServices.AccountManagement; // PrincipalContext, UserPrincipal

// Bind to the domain and look up the account of the interactively logged-on Windows user.
var context = new PrincipalContext(ContextType.Domain, DOMAINNAME);
var user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, Environment.UserName);
But I don't know how I can transfer this authentication to our remote NodeJS server (no UI, the WPF application is the UI). I can send our remote application details like "the samAccountName is this", but anyone can send a request to our remote server and claim "my samAccountName is this". The WPF app knows the user is legit, but our NodeJS application can't verify that. If I add a private certificate to our WPF application for our NodeJS server to verify, the WPF application could be decompiled to get the cert. How do I resolve this?
Upvotes: 1
Views: 248
Reputation: 690
You are considering authentication in the wrong context. E.g., since the Node server provides you services, each client should identify itself to the Node server in order to consume Node services. In your implementation you are authenticating the WPF app against AD, which is OK, but the WPF app acts as a client to the Node server, therefore there should be another authentication to provide a claim that a valid WPF client is connected to the server.
Now to the point: you want to authenticate the WPF client + Node server against AD. In this case you are actually authenticating both apps against some source, i.e. AD. To do this you need some middleware which can validate both apps.
The answer to this situation is Microsoft Identity Server. Please visit some tutorial; hopefully it will solve your requirement.
Upvotes: 1