We have been asked by client if we could use their Active Directory credentials to enable login to a WebCore app (backed by an XData server). Anyone know how to go about this?
Thanks
We have been asked by client if we could use their Active Directory credentials to enable login to a WebCore app (backed by an XData server). Anyone know how to go about this?
Thanks
I'm afraid you will have to create a feature request, specially for detailed discussion about what do you expect from this feature.
I'm even not sure if this is possible given the credentials should be retrieved server-side, I'm not sure if the browser can "retrieve" active directory credentials.
I'm the same as you with the 'not sure' bit. I'll get one of my team to do some digging
ChatGPT says:
Integrating a web site login with Active Directory can be done using various approaches. One way is to use the Lightweight Directory Access Protocol (LDAP) to authenticate users against Active Directory. Here are the general steps to achieve this integration:
Here are some additional tips to help you successfully integrate a web site login with Active Directory:
Overall, integrating a web site login with Active Directory requires careful planning and implementation, but it can provide a convenient and secure way to manage user authentication in a corporate environment.
So looks like something we could implement based on a normal login form
Another potential avenue for exploration... Does your XData server access a database in their network? Perhaps it can play a role. Some databases (Windows databases) will use AD for authentication. So you could try and connect to the database using user-supplied credentials, and if it succeeds, consider them authenticated. XData is of course a VCL app, so whatever mechanism you might use to authenticate against AD in a VCL app would work just as well here. Assuming that the XData server has access to AD.
Well, almost everything is "possible". It only depends on the complexity and requirements.
The thing is that the Active Directory information should be available for the API server, not the web client. I don't think users can simply open the browser, login, and then their Active Directory credentials will be magically sent and the server will login them.
Take a look at Auth0 approach, for example: Connect Your App to Active Directory using LDAP
You have to download a specific tool from them, install it in your network, so Auth0 can connect back to your network to be able to retrieve data from LDAP.