0

I am using python flask to develop web services. I want to make web service secure. Need to consume those from Ajax.

I have tried Okta integration but as it is depends on redirect I couldn't achieve the integration. I am thinking to go for windows authentication with our org ldap directory.

Getting windows username and password from windows logged in user and authenticating with ldap.

Could anyone please help me how to achieve it or please post the suggestions for better solution.

Improve this question
3
  • You can use the python-ldap library Commented Nov 27, 2018 at 17:53
  • or ldap3 library. Commented Nov 27, 2018 at 18:05
  • But I don't have any view page to enter username and password. I am trying to get those form windows logged in. Is it possible to get username and password from client window logged in. Commented Nov 27, 2018 at 18:29

1 Answer 1

Reset to default
1

You won't get the username and password from the Windows client -- being able to grab the logon user's password from a remote web site would be an enormous security nightmare.

Assuming not simply asking the user to supply credentials is a non-negotiable design parameter, you need something that can use the logged on user's token ('I trust this token and it says you are this user ID') instead of trying to validate the user/password directly. Kerberos-based authentication if the Windows boxes are logging into an Active Directory & your app is on the same network. Otherwise you'd need some sort of SSO (I frequently use ADFS, if that's set up for the organisation, via MS Graph) -- what would depend on the specifics of the directories available.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Hey thanks Lisa for your valuable response. I have done LDAP authentication by some service account. Trying to get windows user name by request.environ.get('REMOTE_USER') and querying ldap for details. Used ajax to call the service. But I am getting 401 Unauthorized and No 'Access-Control-Allow-Origin' header is present on the requested resource. Used apache wsgi with flask services.
Any comments please

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.