In a Xojo web app 2.0, I would like to read the authentication from an Active Directory server
or eventually from an OpenDirectory server.
Are there any examples for that? Is it even possible?
Thanks.
I am interested in doing this as well for my intranet web applications, if anyone can provide an example. Thanks.
Yes it can be done. I have 2 webapps running now that do this. Both apps are used in a large corporation with over 1500 employees. It is a complicated process to get it to work. It would take a lot of time to try and explain it here on this forum. We are using Azure, and that is the only one that I have experience with. Here are a couple of things to be aware of. You must allow your specific app in Azure and you must supply a callback URL. There are a lot of options to get the info that you want from the AD. My app simply makes sure that it is a valid current user for our domain. The return URL includes some info about the user, if it is a valid user. Then my app opens the landing page. I can try to answer any specific questions that you might have. Thanks
Thanks Gary for the information, in my organization we are using Active Directory servers and not Azure AD, but that sounds promising you made it work with the latter.
This reminds me of a Xojo video from some Xojo conference where some speaker talked about this, but I can't recall which one …
Yep, I got a lot of info from the example that he supplied. I will look and see if I can find that link. Here is a link that also helped a lot.
Microsoft identity platform and OAuth 2.0 authorization code flow - Microsoft Entra | Microsoft Learn
Thanks Jean
Yes, that was it. I studied that code and it helped a lot.
In session opening I check session.hashtag. If it is empty then I send the user to the Microsoft login URL with all of the info required. Once the user logs in, the redirect URL opens another session on the same tab but now I have a hashtag. I then decode the id_token to make sure the key matches what I sent. If it is a match I then extract the email address from the token and verify it is my domain. I then send the user to the working page. If I get an invalid type of response, then I disconnect the session. Hope that helps.
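The checks that post describes (send the user to the Microsoft login URL, read the token back from the URL hashtag, match the nonce to what was sent, then verify the e-mail domain), written out as an added Python example rather than Xojo so the logic reads independently of the web framework; this is not code from the thread. The tenant id, client id, redirect URI and allowed domain are constructed placeholders, and the sample token is built unsigned for testing only.

```python
import base64
import json
import time
from urllib.parse import urlencode

# Constructed placeholders for this example; substitute your own tenant and app registration values.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
REDIRECT_URI = "https://intranet.example.com/auth/callback"
ALLOWED_DOMAIN = "example.com"
ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"

def build_login_url(state, nonce):
    """URL the app sends the user to when the session has no hashtag yet. response_mode=fragment
    returns the token in the URL fragment; the nonce is echoed back inside id_token."""
    params = {
        "client_id": CLIENT_ID, "response_type": "id_token", "redirect_uri": REDIRECT_URI,
        "response_mode": "fragment", "scope": "openid email profile",
        "state": state, "nonce": nonce,
    }
    return f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/authorize?" + urlencode(params)

def _b64url(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def id_token_claims(id_token):
    """Parse the payload of a compact JWT. The RS256 signature must be verified against the
    tenant's JWKS before these claims are trusted; parsing alone proves nothing."""
    _header, payload, _signature = id_token.split(".")
    return json.loads(_b64url(payload))

def validate_claims(claims, expected_nonce, now=None):
    """Checks from the post (nonce, then e-mail domain) plus issuer, audience and expiry.
    Returns the e-mail on success, None on any failure, in which case the session is dropped."""
    now = time.time() if now is None else now
    if claims.get("nonce") != expected_nonce or claims.get("iss") != ISSUER or claims.get("aud") != CLIENT_ID:
        return None
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        return None
    email = claims.get("email") or claims.get("preferred_username") or ""
    _local, at, domain = email.rpartition("@")
    # Exact domain match, so "alice@example.com.evil.net" cannot pass a suffix test.
    if not at or domain.lower() != ALLOWED_DOMAIN:
        return None
    return email

def make_sample_token(claims):
    """Unsigned token constructed for testing only; real id_tokens carry an RS256 signature."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return enc({"alg": "none", "typ": "JWT"}) + "." + enc(claims) + "."
```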
If you have MBS plugins then authenticating using AD is fairly easy to do using LDAPMBS, but there are some limitations. I have to have users select the OU that they are in based on our corporate OU organization. I suppose I could write code to check all the OUs, but my users don't seem to mind selecting their location.
Public Sub User_AuthenticateAD(username As String, domainname As String, password As String, ou As String, usrtyp As String, option As String)
  // domainname as in "mycompany.com"
  // A simple bind on port 389 sends the password in clear text unless the connection is otherwise protected.
  Var l As New LDAPMBS(domainname, 389)
  If l.Lasterror = 0 Then
    // Bind user name must be in the format of username@domainname
    l.Bind username + "@" + domainname, password, l.kAuthSimple
    If l.Lasterror = 0 Then
      LoggedIn = True
      LoggedInUserName = username // sAMAccountName
      LoggedInUserPassword = password // kept only for this session; do not persist it
      LoggedInDomain = domainname
      LoggedInUserPrincipalName = username + "@" + domainname
      'User_UpdateRights
      Login.Close
      Var UserType As String
      Select Case usrtyp
      Case "Full"
        UserType = "Full Time Users"
      Case "Temp"
        UserType = "Temp Users"
      End Select
      // Escape the user-supplied name before placing it in the filter (RFC 4515), so "*", "(", ")" or "\"
      // in the input cannot change the meaning of the query. ou comes from a fixed selection list.
      Var safeUser As String = username.ReplaceAll("\", "\5c").ReplaceAll("*", "\2a").ReplaceAll("(", "\28").ReplaceAll(")", "\29").ReplaceAll(Chr(0), "\00")
      Var results() As Dictionary = l.Search("OU=" + UserType + ",OU=Users,OU=" + ou + ",DC=jostens,DC=com", l.kScopeSubtree, "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" + safeUser + "))", Array("displayName"))
      If Not (l = Nil) Then
        If l.Lasterror = 0 Or l.Lasterror = 1 Then
          If Not (results = Nil) Then
            If results.LastIndex >= 0 Then
              Var r As Dictionary = results(0)
              LoggedInUserDisplayName = r.Value("displayName")
              User_UpdateRights
            End If
          Else
            Alert_PlaySound("bad")
            Alert_ShowDlg("Error", "An error occurred querying Active Directory for the user 'Display Name'. Please login to the application again by clicking the login button in the menu bar or by refreshing the Web page.", "Caution", "Cancel", "OK", 0, False)
            Login.UserLoginCC1.ProgressWheel1.Visible = False
            LoggedIn = False
            User_UpdateRights
          End If
        Else
          Alert_PlaySound("bad")
          Alert_ShowDlg("Error", Str(l.Lasterror) + EndOfLine + l.ErrorString(l.Lasterror), "Stop", "Cancel", "OK", 0, False)
        End If
      Else
        Alert_PlaySound("bad")
        Alert_ShowDlg("Error", "An error occurred querying the user 'Display Name'. Please logout of the application and log back in.", "Caution", "Cancel", "OK", 0, False)
        Login.UserLoginCC1.ProgressWheel1.Visible = False
      End If
      // Process any optional commands
      Select Case option
      Case "prefs"
        Prefs_Authenticate
      End Select
    Else
      // Bind failed: wrong credentials, locked account or server-side refusal
      Alert_PlaySound("bad")
      Alert_ShowDlg("Bind Error", Str(l.Lasterror) + EndOfLine + l.ErrorString(l.Lasterror), "Stop", "Cancel", "OK", 0, False)
      Login.UserLoginCC1.ProgressWheel1.Visible = False
    End If
  Else
    // Could not reach the directory server
    Alert_PlaySound("bad")
    Alert_ShowDlg("LDAPMBS Error", Str(l.Lasterror) + EndOfLine + l.ErrorString(l.Lasterror), "Stop", "Cancel", "OK", 0, False)
    Login.UserLoginCC1.ProgressWheel1.Visible = False
  End If
End Sub