Meteor user strategies on IISNode (Accounts and Passport with Integrated Windows Authentication)


#1

I have an application that is running via IISnode on a Windows server. The application is to be installed on-premise for enterprise customers. In these environments browsers log in to the domain automatically (Explorer has always done it, but Firefox picked up the same strategy a long time ago and Chrome enabled this by default a good time ago too, IIRC).

For an ASP.Net site the server-side code would be able to find out which user was logged on to the system without the user having to manually log in, often referred to as Integrated Windows Authentication.

I need my Meteor application to behave the same way. Does anyone have any experience in doing this?

  • Since it is running in IISNode I was thinking that this should now be possible (and easier than if running in Meteor). Meteor has a built-in Accounts system, but I don’t think I’ve seen AD implementation options for it.

  • Another option would be to use Passport, with i.e. . One benefit of using Passport I see is that when developing the application I am running it in Meteor directly, meaning I don’t have access to the IIS information. If I was using Passport I could set the configuration for Passport to point to my AD, and I could log on even during development. Since in dev mode the browser doesn’t automatically log in to the domain, the Meteor process would not automatically be able to know who I am, so I would have to manually log on. If I however was running the site in production mode via IISNode I am guessing that Passport should be able to figure that out and log me in automatically. In other words, log on directly if it can (when on IISNode), and prompt me for manual login when running on Meteor. But does this integrate with Accounts, or do I have to integrate the Passport authentication into Accounts myself (as in create and log in the user based on Passport activities)? Meaning that all the auth work will be Passport, except that this is patched into the local Meteor Accounts system as a convenience for Meteor methods. Or am I missing something here? Another benefit is obviously the possibility of (easily) adding other authentication strategies later.
    I have found some Passport links that I believe are relevant:

Anyone with experiences and/or suggestions on how to do this?


#2

I am trying to follow the path of using passport with passport-windowsauth as a solution.

I am however stuck at the integration with Meteor. All the passport examples are related to being used with connect or express as middleware. They all use res and req objects as part of the flow. Which does not seem to be what I want - and I can’t seem to figure out how to integrate passport with meteor.

Is someone here able to understand how this could be done? I was almost hoping that someone had written a meteor-passport library that would integrate them. I somehow think that it should be possible.
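
Added example, not part of the thread and not code from Meteor, Passport or iisnode: a plain Node.js sketch of the "log on automatically under IISNode, fall back to manual login in development" decision discussed in the posts above. It assumes iisnode is configured with `promoteServerVars="LOGON_USER"`, which forwards that server variable as the `x-iisnode-logon_user` request header; `parseLogonUser`, `resolveWindowsUser` and `behindIisnode` are hypothetical names.

```javascript
// Added example; parseLogonUser, resolveWindowsUser and behindIisnode are hypothetical names.
// Assumption: web.config sets <iisnode promoteServerVars="LOGON_USER" />, so iisnode
// forwards the IIS-authenticated account as the x-iisnode-logon_user request header.
const IISNODE_HEADER = 'x-iisnode-logon_user';

// Accept "DOMAIN\user" or "user@domain"; anything else (including the empty or
// missing value seen for anonymous requests) is rejected.
function parseLogonUser(raw) {
  if (typeof raw !== 'string') return null;
  const value = raw.trim();
  let m = /^([A-Za-z0-9._-]{1,64})\\([^\\\/@\s]{1,104})$/.exec(value);
  if (m) return { domain: m[1].toUpperCase(), username: m[2].toLowerCase() };
  m = /^([^\\\/@\s]{1,104})@([A-Za-z0-9.-]{1,255})$/.exec(value);
  if (m) return { domain: m[2].toUpperCase(), username: m[1].toLowerCase() };
  return null;
}

// Decide per request: trust the header only when the process runs behind iisnode.
// Under plain `meteor run` the header can only have come from the client, so it
// is ignored and flagged, and the caller falls back to a manual login form.
function resolveWindowsUser(headers, behindIisnode) {
  const raw = headers[IISNODE_HEADER];
  if (!behindIisnode) {
    return { mode: 'manual', user: null, untrustedHeader: raw !== undefined };
  }
  const user = parseLogonUser(raw);
  return user
    ? { mode: 'integrated', user, untrustedHeader: false }
    : { mode: 'manual', user: null, untrustedHeader: false };
}

// Constructed sample requests (not captured traffic).
const samples = [
  [{ 'x-iisnode-logon_user': 'CORP\\alice' }, true],  // IIS authenticated the user
  [{ 'x-iisnode-logon_user': '' }, true],             // anonymous request under IIS
  [{ 'x-iisnode-logon_user': 'CORP\\admin' }, false], // dev mode, client-supplied header
  [{}, false],                                        // dev mode, no header
];
for (const [headers, behindIisnode] of samples) {
  console.log(behindIisnode, JSON.stringify(resolveWindowsUser(headers, behindIisnode)));
}
```

`LOGON_USER` is only populated when Windows Authentication is enabled and anonymous access is disabled for the site in IIS. An `integrated` result would still have to be mapped onto a Meteor Accounts user, which the thread leaves open.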