I am in the process of implementing a single page app based on Angular and Node.js, running on a Windows Server within a corporate Windows Active directory domain environment. I know that it is possible to authenticate via AD (by passing a username and password) with the assistance of node packages such as "passport-ldapauth" and "node-activedirectory".
My question is: what would be the most feasible/straight-forward way of implementing single sign-on functionality, so that a user that had already authenticated to Active Directory on the PC / domain would not have to enter their AD username/password again?
I have come across Auth0 packages which are able to do this, but I understand they required an externally hosted cloud service? (which is not an option for me).
Thanks very much in advance.
Update: I have been investigating Kerberos as this could be a solution, however there does not seem to be any mature NPM packages out there for node and Kerberos ?
Update 2: I have found a package called Node-SSPI that looks very promising. I have not had a chance to try it out on windows domain (hopefully will tomorrow) but it was able to verify the user logged on to my local machine.
Thanks
Since 2020, it can also be done with node-expose-sspi. This module let you deal with the Microsoft SSPI API which was exposed to Node.
SSO can be done with both Kerberos and NTLM. It has been tested and is in production as intranet ERP.
Note: I am the author of node-expose-sspi.
As the author noted in their update, this can be done with Node-SSPI. I verified that it also works on a windows domain.
Related
Are there any built-in methods in Electron / Node.js allowing to transfer a file over local network to another device?
I want to be able to send files locally from one computer to another (through an Electron app), but I also want it to be able to send files to smartphones.
How do I do it? Is it possible to just create a temp local server and download the file from another device by opening the URL (e.g. 192.168.0.x:x/file.txt)?
I tried using https://www.npmjs.com/package/quick-transfer which does exactly that, but for some reason opening the link on another device doesn't do anything.
As painful as it is for me to suggest... I'd recommend WebRTC for this, for these reasons:
It will make a local connection, when possible.
It will work over the internet as well, if required.
You can work around any firewall difficulties with TURN.
You will have compatibility with browsers.
You won't be opening up some server to a file that anyone on the network can get... transmission occurs over a secured connection. (This doesn't mean you can ignore other security aspects in your application however!)
Sample code: https://webrtc.github.io/samples/src/content/datachannel/filetransfer/
Commentary: It's amusing to me that in 2018, we still haven't solved the problem of sending a file from point A to point B. Network Neighborhood in Windows was the golden age, and now it's all screwed up with this newfangled cloud crap. :-) Obligatory: https://xkcd.com/949/
I am about to finish my Google Chrome extension. If I'm not mistaking all Chrome apps come with a capability of auto-updating. If so, is there a way for me to test it before I submit my app to the Chrome Web Store?
PS. Also do I need to account for any special conditions in my extension?
To test the updating procedure, it's best to submit your extension to the Web Store in a non-public fashion.
As you publish an item, you have a choice of Public, Unlisted, and Trusted Testers publication.
Public means that the extension will be searchable and everyone can install
Unlisted means everyone can install, but they need the direct link to the extension listing; it will not be searchable in the Web Store and not indexable by search engines.
Trusted Testers is the same as above, but also restricts installs to a whitelist of Google Accounts.
Go with any non-Public option and you can test it as it would actually behave (including the unfortunate delay of automatic review checks).
The method described by kadaj is no longer valid for Windows, as Chrome will reject any CRX not hosted by the Web Store.
But previously, yes, you could test this with setting up your own hosting (i.e. Dropbox Public folder) of the CRX and its associated update XML, as described in the guide. This still works for non-Windows platforms, as well as Dev/Canary builds on Windows.
All you need is to increment version number in your manifest file and the chrome app will automatically update itself. If you want to test this you can host your own extension and specify a update_url. Follow the guide at https://developer.chrome.com/extensions/autoupdate
I have an HTML project (CSS/JS/jQuery) that I'd like to test on an iPad (in Safari). From what I've read, iOS browsers don't support the file:///path/to/project protocol, and even if it did, I don't believe that you'd be able to navigate the file system to where your project is located.
Please correct me on any of this information if I'm wrong, I'm an Android guy so much of this is new to me. Nonetheless, I tried to use an app called Fileapp to solve my problem. I was able to access and load my project, but it was within Fileapp's native browser, and not Safari (unless it actually WAS Safari and it was just masked).
Does anybody know of a solution to my problem (preferably free)?
2016 UPDATE:
There are several services which now make this easy. If you don't have your own web server check out one of these free services which make updating a live webpage from your PC easy:
Heroku
Git Pages
Both of these services require using git, learn it, you won't regret it.
Days of FTPing or using Dropbox to serve html to an iPad are long gone.
If you need to be able to do this while not connected to the internet check out this article on using local IP tunneling. This would essentially open up the localhost on your PC to be viewed by anyone on a wifi network, regardless of if the wifi was actually connected to the Internet.
http://wesbos.com/localhost-mobile-device-testing/
I prefer Heroku as I am more likely to be switching between locations and PC's than I am to be on a wifi network without an Internet connection.
OLD ANSWER 2012
Get a Dropbox account and put the project in your public folder.
Right click to get the public link and then browse to that location on your iPad.
When I get link from the iPad app it doesn't work it just shows the raw html with a URL structure like so
dropbox.com/s/...
When I go to the website and copy public link (only available if the file is in PUBLIC FOLDER) I get the link that actually works.
Apache probably isn't the most convenient webserver to use for this kind of ad-hoc serving of a local project. Instead, if you're on Mac or on a Linux distribution that has Python installed (which is most of them), you can launch a webserver to serve your current working directory at the terminal with a one-liner:
python -m SimpleHTTPServer
By default it will serve on port 8000; you can specify another port by passing it as a final argument to the command.
To connect to this server from another device, like your iPad or phone, first of all you'll need to make sure your phone is connected to the same local network as your Mac or Linux PC. Then, on the computer, run
ifconfig
and look through the output for your local IP address, which will be labelled as inet addr in the output and listed under one of the connections other than "Local Loopback". On my current PC, I see inet addr:192.168.0.3 listed under the wlan0 connection.
Now, on your phone, open your browser of choice and navigate to the IP address you got from ifconfig on whatever port SimpleHTTPServer is serving on. For example, http://192.168.0.3:8000. You'll be presented with a directory listing corresponding to the directory in which you launched the server, and from there you can view whatever files you're interested in.
The answer to your question is that even with iPadOS the iPad is not a replacement for a Windows, Linux, or Mac. Still too many “can’t get there from here” cases.
One solution to the problem, as pointed out by minitech in the comments of the original questions, was to set up an apache server on my local network and connect directly to it. This worked exactly as I needed it to.
I've got an ASP website running on IIS 7.0. The app pool is classic, .NET 2.0. The identity of the process is the NetworkService.
The problem I've got is that on the server, I have some Javascript that (used to work) would create an ActiveX object of Scripting.FileSystemObject and try to create a folder in a virtual directory that happened to be on a shared folder in a remote machine.
I get a "permission denied" exception.
The virtual folder has a user account associated with it that's on our domain so it should be able access the shared folder no problem. When I do the "test connection" in IIS, it tells me so. I've tried giving it a full admin account just to see if it would work, but it doesn't. I even tried changing the application pool identity to a domain account but that didn't work either.
I've run out of ideas regarding what to try. Any suggestions are greatly appreciated,
mj
I figured the stupid thing out.
Apparently, I had to set the authentication settings in IIS7 to a user on my domain. I thought that just setting up the account under the virtual directory set up was enough but apparently not.
I want to complement this question with information that newer versions of IIS uses the Application Pool user (default: IIS APPPOOL to find it search for IIS APPPOOL\ ) to control the folder permissions. So if you get a permission denied creating folder or trying to upload file, adding write permissions to the folder for user IIS AppPool user might work.
We have a web application. There are physical devices that we need to be able to communicate with, and we have access to all of our clients computers to install whatever software we need. Now, for the question: Is there a way to make this browser-agnostic? As in, not requiring ActiveX controls?
One of my ideas was to install a custom made webserver on each client and then have javascript on our webpage that communicates with that webserver. This could be done by the same way that http://earlz.biz.tm javascript can access subdomains assigned to 127.0.0.1 such as http://loopback.earlz.biz.tm The problem with this of course is that the client's custom made webserver would be forced to run on port 80(which will have conflicts at least sometimes), or we would have to use a nonstandard port for our web application, which is quite undesirable.
Does anyone else have ideas on how to do this?
Just to clarify. Our clients will be using regular PCs with Windows. We need to communicate with physical devices through these PCs. One such thing is a signature pad. So we want for people to be able to sign the signature pad and it show up in the web page.
I don't think browser-based is the solution for this. There are too many security issues. You're better off writing a desktop application that incorporates some web functionality.
I think web servers and possibly comet is the way to go.
Web servers can run on any port you like, as long as there aren't any firewalls blocking the ports, or they are configured to allow http traffic to pass through on different ports. Although theres nothing wrong with just using port 80 either.
On the mini web server you will then need to interact with the device. You mention you are a .net shop, so you will probably have to install linux and apache + mono on these devices - not sure if this is feasible.
Sounds like a great project.
I would try to look at Java Applets...
http://java.sun.com/developer/onlineTraining/Programming/JDCBook/signed.html
"JDK 1.1 signed applets can access local system resources if the local system is properly set up to allow it. See the JDK 1.1 Signed Applet Example page for details."