XData, WebCore, Active Directory

We have been asked by a client if we could use their Active Directory credentials to enable login to a WebCore app (backed by an XData server). Anyone know how to go about this?


I'm afraid you will have to create a feature request, especially for a detailed discussion about what you expect from this feature.

I'm not even sure if this is possible, given the credentials should be retrieved server-side. I'm not sure if the browser can "retrieve" Active Directory credentials.

I'm the same as you with the 'not sure' bit. I'll get one of my team to do some digging.

ChatGPT says:

Integrating a web site login with Active Directory can be done using various approaches. One way is to use the Lightweight Directory Access Protocol (LDAP) to authenticate users against Active Directory. Here are the general steps to achieve this integration:

  1. Set up an LDAP server on your web server or a separate server if you prefer.
  2. Configure the LDAP server to connect to the Active Directory domain controller(s) and retrieve user information.
  3. In your web application, create a login page with a form that asks users to enter their Active Directory credentials (username and password).
  4. When a user submits the form, the web application will use the LDAP server to validate the user's credentials against Active Directory.
  5. If the user's credentials are valid, the web application will create a session for the user and allow access to the appropriate resources.

Here are some additional tips to help you successfully integrate a web site login with Active Directory:

  • Use secure protocols such as HTTPS and LDAPS to encrypt all communication between the web application and Active Directory.
  • Consider implementing single sign-on (SSO) to allow users to access multiple web applications with a single set of credentials.
  • Use a dedicated service account for the LDAP connection and restrict its access to only the necessary Active Directory objects.
  • Test the integration thoroughly before deploying to production.

Overall, integrating a web site login with Active Directory requires careful planning and implementation, but it can provide a convenient and secure way to manage user authentication in a corporate environment.

So looks like something we could implement based on a normal login form.
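
As an added illustration (not part of the thread and not XData code): if the login-form approach above is implemented as an LDAPS simple bind with the user's own credentials, these are checks the server would run before binding. Python is used only for illustration; `prepare_bind`, `RejectedLogin`, the 64-character limit and the `corp.example` suffix are hypothetical, and binding with a `user@suffix` name is an assumption about the directory setup.

```python
"""Pre-bind checks for an AD login form (constructed example)."""
import unicodedata

# RFC 4515 escapes for a value placed inside an LDAP search filter.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


class RejectedLogin(ValueError):
    """Input refused before any LDAP traffic is sent."""


def escape_filter_value(value):
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def prepare_bind(username, password, upn_suffix):
    """Return bind name and lookup filter for an LDAPS simple bind, or raise."""
    if not password:
        # Name + empty password is an "unauthenticated bind" (RFC 4513,
        # section 5.1.2): a directory may answer success without checking
        # anything, so an empty password must never reach the server.
        raise RejectedLogin("empty password")
    username = username.strip()
    if not username or len(username) > 64:  # length limit is an assumption
        raise RejectedLogin("bad username length")
    if any(unicodedata.category(ch) == "Cc" for ch in username):
        raise RejectedLogin("control character in username")
    if "@" in username or "\\" in username:
        # The domain is fixed server-side; the form may not choose another.
        raise RejectedLogin("domain qualifier not accepted")
    return {
        "bind_name": f"{username}@{upn_suffix}",
        # Used after a successful bind to read the user's entry or groups.
        "lookup_filter": "(&(objectClass=user)(sAMAccountName=%s))"
        % escape_filter_value(username),
    }
```

Only a bind that succeeds with the returned `bind_name` and the submitted password should lead to a session being created.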

Another potential avenue for exploration... Does your XData server access a database in their network? Perhaps it can play a role. Some databases (Windows databases) will use AD for authentication. So you could try and connect to the database using user-supplied credentials, and if it succeeds, consider them authenticated. XData is of course a VCL app, so whatever mechanism you might use to authenticate against AD in a VCL app would work just as well here. Assuming that the XData server has access to AD.


Well, almost everything is "possible". It only depends on the complexity and requirements.

The thing is that the Active Directory information should be available to the API server, not the web client. I don't think users can simply open the browser, log in, and then their Active Directory credentials will be magically sent and the server will log them in.

Take a look at the Auth0 approach, for example: Connect Your App to Active Directory using LDAP

You have to download a specific tool from them, install it in your network, so Auth0 can connect back to your network to be able to retrieve data from LDAP.
