Authentication in mORMot using Windows credentials
By default, the hash of the user password is stored safely on the server side. This may be an issue for corporate applications, since a new user name / password pair has to be defined by each client, which may be annoying.
Since revision 1.18 of the framework, mORMot is able to use Windows Authentication to identify any user. That is, the user does not need to enter a name or password: her/his Windows credentials, as entered at Windows session startup, will be used instead.
Thanks a lot Chaa for making public your
Open Source is so great sometimes!
Keep up the good work!
If the SSPIAUTH conditional is defined (which is the default), any call to the TSQLRestClientURI.SetUser() method with an empty aUserName parameter will try to use the currently logged-on user name and password to perform a secure Client-Server authentication. In this case, the aPassword parameter will just be ignored. This will be transparent to the framework, and a regular session will be created on success.
The only prerequisite is that the TSQLAuthUser table shall contain a corresponding entry, with its LogonName column equal to the 'DomainName\UserName' value. This data row won't be created automatically, since it is up to the application to allow or disallow access from an authenticated user: you can be a member of the domain, but not eligible to use the application.
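The two sides described above, as an added example that is not code from the original post or from the framework: the server explicitly allows one Windows account, and the client opens a session with an empty user name. It assumes the mORMot 1.18 units SynCommons and mORMot and the default 'User' group; AllowWindowsUser, LogonWithWindowsCredentials and 'CONTOSO\jdoe' are hypothetical names and a constructed sample value.

```pascal
unit WinAuthSample;

interface

uses
  SynCommons, mORMot;

// Server side: add the TSQLAuthUser row that makes a domain account
// eligible for the application. aLogonName must be 'DomainName\UserName',
// e.g. 'CONTOSO\jdoe' (constructed sample value).
function AllowWindowsUser(Server: TSQLRestServer;
  const aLogonName: RawUTF8): boolean;

// Client side: authenticate with the credentials of the Windows session.
function LogonWithWindowsCredentials(Client: TSQLRestClientURI): boolean;

implementation

function AllowWindowsUser(Server: TSQLRestServer;
  const aLogonName: RawUTF8): boolean;
var
  U: TSQLAuthUser;
  GroupID: TID;
begin
  result := false;
  // Assumption: the default 'User' group exists in TSQLAuthGroup.
  GroupID := Server.MainFieldID(TSQLAuthGroup, 'User');
  if GroupID = 0 then
    exit; // never create an account that has no group to take rights from
  U := TSQLAuthUser.Create;
  try
    U.LogonName := aLogonName;
    U.DisplayName := aLogonName;
    // A TSQLRecord published property stores the ID of the linked row,
    // not an object instance.
    U.GroupRights := TSQLAuthGroup(PtrInt(GroupID));
    result := Server.Add(U, true) <> 0;
  finally
    U.Free;
  end;
end;

function LogonWithWindowsCredentials(Client: TSQLRestClientURI): boolean;
begin
  // Empty aUserName selects Windows Authentication; aPassword is ignored.
  // false means no session: either the Windows handshake failed or there
  // is no TSQLAuthUser row for this 'DomainName\UserName'.
  result := Client.SetUser('', '');
end;

end.
```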
Of course, if Windows Authentication is defined, the TSQLRestClientURI.OnAuthentificationFailed callback event shall be adapted as expected. For instance, you may add a custom notification to register the corresponding user to the
Thanks Chaa again for the good work!