Retrieving Active Directory NTLM User Data in Rails without IIS

I believe that we can allow Firefox to send NTLM data to SharePoint sites for automatic authentication, and I think it can be done with IIS.

I would like to do the same with the internal Rails site.

Does anyone know how I can authenticate user information such as NTLM through an Apache / mongrel installation (assuming, of course, that it already works in a Windows box inside an Active Directory domain)?

+6
ruby-on-rails active-directory ntlm
7 answers

I assume that you have already developed what HTTP headers you need to send in order to force Firefox and IE to send NTLM authentication files and just need to process them on the server side?

You can use some of the Ruby win32 libraries to access the basic Windows authentication features that NTLM handles.

I would suggest that the path of least resistance might be to see if there is a COM component that can authenticate for you, and if so, use it with the Win32OLE Ruby library.

If there is no COM component, you can find something in one of the other libraries that can call your own win32 methods.

If you cannot find this, you will have to write a Ruby C extension. I did this on Linux and the Ruby extension is pretty simple, but you may find that the Microsoft authentication API is a little painful.

Hope you start on the right track :-)

+2

I created a tutorial on installing a fixed mod_ntlm module for Apache on Linux and how to pass an authenticated Rails username to NTLM and how to create Rails from this. Therefore, you do not need a Windows server to run the Rails application.

Here you can also learn how to enable NTLM automatic authentication in Firefox - enter "about:config" in the location field, and then search for "network.automatic-ntlm-auth.trusted-uris". There you can enter the servers for which you want to use NTLM automatic authentication.

+10

Some additional information in case someone stumbles upon it.

I wanted to do something that, in my opinion, was pretty simple - extract the Windows username using NTLM from the Rails application running on Mongrel / Windows (actually InstantRails). After writing the basic code to perform various validation operations (using the excellent NTLMRuby library at http://rubyforge.org/projects/rubyntlm/ ) and making it work fine in Firefox, I was somewhat disappointed that IE did not work.

Mongrel does not support keep-alives during type 1/2/3 messaging (at least initially; I believe there are hacks / fixes), which IE requires and Firefox goes without.

Thus, authenticating a Rails server running on Windows with a remote NTLM service (such as SharePoint or another website) is fairly simple, but authenticating an IE browser on a Rails server running on Windows is not so simple with Mongrel. IIS would be an option, as would basic Apache with FastCGI. The former feels a little awkward, and the latter will not be as fast as Mongrel.

+4
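
The type 1/2/3 messages mentioned in the answer above travel base64-encoded in the `Authorization: NTLM` request header. The following Ruby is an added example, not code from any of the answers or from the rubyntlm library; it decodes such a header and reads the domain, user and workstation fields of a Type 3 message. The function names and the EXAMPLE\alice sample are assumptions made for illustration.

```ruby
require "base64"

NTLM_SIGNATURE = "NTLMSSP\0".b
NEGOTIATE_UNICODE = 0x00000001 # flag bit: strings are UTF-16LE

# Return the bytes named by the (length, max length, offset) descriptor at pos.
def ntlm_field(msg, pos)
  len, _max, off = msg.byteslice(pos, 8).unpack("vvV")
  raise ArgumentError, "field outside message" if off + len > msg.bytesize
  msg.byteslice(off, len)
end

# Parse the value of an "Authorization: NTLM <base64>" request header.
# Returns { type: n }, plus :domain, :user and :workstation for Type 3.
def parse_ntlm_authorization(header)
  scheme, b64 = header.to_s.split(" ", 2)
  raise ArgumentError, "not an NTLM header" unless scheme&.casecmp?("NTLM") && b64
  msg = Base64.strict_decode64(b64.strip).b
  raise ArgumentError, "bad signature" unless msg.byteslice(0, 8) == NTLM_SIGNATURE
  raise ArgumentError, "truncated message" if msg.bytesize < 12
  type = msg.byteslice(8, 4).unpack1("V")
  return { type: type } unless type == 3
  raise ArgumentError, "truncated Type 3" if msg.bytesize < 64
  unicode = (msg.byteslice(60, 4).unpack1("V") & NEGOTIATE_UNICODE) != 0
  text = lambda do |pos|
    raw = ntlm_field(msg, pos)
    unicode ? raw.force_encoding(Encoding::UTF_16LE).encode("UTF-8") : raw
  end
  # These values are asserted by the client; they prove nothing until the
  # NT response in the same message has been verified against the domain.
  { type: 3, domain: text.call(28), user: text.call(36), workstation: text.call(44) }
end

# Constructed sample, not a captured message: Type 3 for EXAMPLE\alice on WS01
# with empty LM/NT responses and no session key.
def sample_type3_header
  strs = %w[EXAMPLE alice WS01].map { |s| s.encode("UTF-16LE").b }
  off = 64
  descs = strs.map { |s| d = [s.bytesize, s.bytesize, off].pack("vvV"); off += s.bytesize; d }
  empty = [0, 0, 64].pack("vvV")
  msg = NTLM_SIGNATURE + [3].pack("V") + empty * 2 + descs.join + empty +
        [NEGOTIATE_UNICODE].pack("V") + strs.join
  "NTLM " + Base64.strict_encode64(msg)
end

p parse_ntlm_authorization(sample_type3_header) if $PROGRAM_NAME == __FILE__
```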

You can also use the Apache ntlm module, which should pass the header to your application with the username of the authenticated user. This module looks a bit old, but offers some other modules that can suit your needs.

+2

An old question, I know, but I stumbled upon it while looking for a similar answer.

You can use the methods described here ( http://blog.rayapps.com/2008/12/02/ntlm-windows-domain-authentication-for-rails-application/ ). However, mod_ntlm is intended for Windows authentication on a UNIX / Linux machine. mod_auth_sspi is what you need to authenticate WinNT from Apache under Windows.

+2

This particular project looks promising and is looking for participants:

I have not tried this yet. At the moment, I plan to implement Raymond's solution, as it seems to be very successful.

+2

Check out Waffle. It provides SSO on Windows servers in Java using the Win32 API. There are a number of implemented filters (servlet, tomcat valve, spring-security).

0