We were asked to move our NodeJS app to run under IIS (Windows Server 2012R2) and integrate with an existing Active Directory. We were requested to remove the login page, and instead use Windows Authentication to get the (already authenticated) user's ID, and then use the groups he/she belongs to, to control their authorization level within the app.
I've installed iisnode to run my app under IIS, and figured I'll use either passport-windowsauth, or node-activedirectory to get the group membership. However, both require user/password to authenticate the user. My user is already authenticated, and I have no access to his password (nor should I).
How do I go about getting an authenticated user's groups from Active Directory?
Here's what I have so far:
<iisnode promoteServerVars="AUTH_USER,AUTH_TYPE" />
index.js file, I can then console.log(req.headers['x-iisnode-auth_user']); and get the correct user name - but I don't know how to proceed from here to getting his/her groups.
Well, seems like no one is interested in looking at this question :). I'm assuming IIS + Node.js + Active Directory is an edge case. Here's how I ended up solving this one:
config.json file (see snippet).
.gitignore so it won't end up in repo.
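An added example, not the poster's code, of the step from the promoted x-iisnode-auth_user header to an authorization level: it parses the DOMAIN\user value, escapes the account name before it goes into an LDAP filter, and maps group membership to a role with deny by default. The Express-style middleware shape, the group and role names, and the lookupGroups function (standing in for the actual directory search) are assumptions.

```javascript
'use strict';

// Windows Authentication reports the account as DOMAIN\user; anything else is rejected.
function parseAuthUser(headerValue) {
  if (typeof headerValue !== 'string') return null;
  const m = /^([^\\]+)\\([^\\]+)$/.exec(headerValue);
  return m ? { domain: m[1], account: m[2] } : null;
}

// RFC 4515 escaping so the account name cannot alter the LDAP filter.
function escapeLdapFilter(value) {
  return value.replace(/[\\*()\0]/g,
    (c) => '\\' + c.charCodeAt(0).toString(16).padStart(2, '0'));
}

function buildUserFilter(account) {
  return '(&(objectCategory=person)(sAMAccountName=' + escapeLdapFilter(account) + '))';
}

// Hypothetical group-to-role mapping, most privileged first.
const ROLE_BY_GROUP = [['App-Admins', 'admin'], ['App-Editors', 'editor'], ['App-Users', 'viewer']];

// groupDns: memberOf values such as "CN=App-Editors,OU=Groups,DC=corp,DC=example".
function roleForGroups(groupDns) {
  const cns = new Set(groupDns.map((dn) => {
    const m = /^CN=([^,]+)/i.exec(dn);
    return m ? m[1].toLowerCase() : '';
  }));
  const hit = ROLE_BY_GROUP.find(([group]) => cns.has(group.toLowerCase()));
  return hit ? hit[1] : null; // no matching group: deny by default
}

// Express-style middleware (assumed). lookupGroups(filter) is a hypothetical async
// function that runs the directory search and resolves to the user's memberOf DNs.
// Trust the header only when the app is reachable solely through IIS/iisnode.
function authorize(lookupGroups) {
  return async (req, res, next) => {
    try {
      const user = parseAuthUser(req.headers['x-iisnode-auth_user']);
      if (!user) return res.status(401).end();
      const role = roleForGroups(await lookupGroups(buildUserFilter(user.account)));
      if (!role) return res.status(403).end();
      req.user = { domain: user.domain, account: user.account, role };
      return next();
    } catch (err) {
      return next(err);
    }
  };
}
```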