Collections of web application techniques

Friday, July 10, 2009

Leveraging ASP Windows Authentication in Java Web Applications


For web applications running inside a corporate intranet where users are maintained in Microsoft Windows Active Directory, a seamless authentication method is often desired. If your web application consists of only Microsoft technologies, just go to the Microsoft web site and follow their instructions.


Authentication in ASP is extremely simple; all you need to do to secure your ASP page is configure IIS so that the directory where the page resides uses Integrated Windows Authentication. Then, in your ASP page, you just need to add this line:


userId = request.ServerVariables("LOGON_USER")


That’s all! You’ll get the NT login ID that identifies who the user is and then you can move on to authorization. All the work is done for you behind the scenes.
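A fuller version of the one-liner above, added here as an example (not the author's code): it refuses the request when LOGON_USER is empty, which is what the page sees if anonymous access is still enabled on the directory, and splits the DOMAIN\user value before authorization. The CORP domain name and the ParseLogonUser helper are assumptions for illustration.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Assumption: placeholder for the Active Directory domain you expect.
Const EXPECTED_DOMAIN = "CORP"

' Hypothetical helper: split "DOMAIN\user" into its two parts.
' Returns False when the value is empty or has no domain prefix.
Function ParseLogonUser(raw, ByRef domain, ByRef account)
    Dim pos
    ParseLogonUser = False
    pos = InStr(raw, "\")
    If pos > 1 And pos < Len(raw) Then
        domain = UCase(Left(raw, pos - 1))
        account = LCase(Mid(raw, pos + 1))
        ParseLogonUser = True
    End If
End Function

Dim rawUser, userDomain, userId
rawUser = Request.ServerVariables("LOGON_USER")

If rawUser = "" Then
    ' IIS served the request without authenticating it (anonymous access
    ' is enabled for this directory). Refuse instead of treating the
    ' empty string as a user ID.
    Response.Status = "401 Unauthorized"
    Response.End
End If

If Not ParseLogonUser(rawUser, userDomain, userId) Then
    Response.Status = "403 Forbidden"
    Response.End
End If

' Only accept accounts from the expected domain before authorizing.
If userDomain <> EXPECTED_DOMAIN Then
    Response.Status = "403 Forbidden"
    Response.End
End If

' HTML-encode the identity before echoing it into the page.
Response.Write "Authenticated as " & Server.HTMLEncode(userDomain & "\" & userId)
%>
```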


But if you’re a Java guy who also wants to give users a seamless authentication experience, you’ll have to look elsewhere.


JCIFS is an answer - almost. I’ve used it and my users got authenticated just fine most of the time. Occasionally, my users could not be authenticated due to some changes in the network, their environments, whatever… In my experience, the one-liner in ASP worked when JCIFS failed. As an application developer who would rather concentrate on developing front-end applications, I’ve given up on getting the right network IP addresses to configure the NtlmHttpFilter for JCIFS. In fact, when users could not be authenticated, nobody seems to know what happens. Trying to understand the JCIFS source code is just fruitless when dealing with frustrated users. So here is a way to leverage it: let Microsoft technologies stay with Microsoft technologies. They can be a black box - a reliable black box. Who cares as long as it works?



