Using ActiveDirectory in a Sinatra intranet app


Max Mitchell

Jan 8, 2009, 12:19:39 PM
to sina...@googlegroups.com
Hi,

I'm working on a Sinatra app to add voting to a webpage (loaded via
an iframe into the intranet). Everyone is logged into the network, but
I want to automatically authenticate them via ActiveDirectory to
ensure people only vote once.

Does anyone know of any examples using ActiveDirectory or how I get
users' network usernames?

Thanks,

Max

Paul Vaillant

Jan 8, 2009, 1:06:02 PM
to sinatrarb
Are you looking to have the users type their user names and passwords
into the Sinatra application or just have it recognize that they are
currently logged in?

If you want them to type in their info, you can query ActiveDirectory
using a ruby ldap library (see http://wiki.rubyonrails.org/rails/pages/ActiveDirectory)
to validate their password.

If you want to have their browser pass their credentials you can use
NTLM. I don't think Sinatra can do NTLM on its own, but if you're
running Sinatra with Apache (as a proxy or using Passenger Phusion
[aka mod_rails / mod_rack]) then there is an Apache NTLM module and
all you have to do is check request.env['REMOTE_USER'] which Apache
will pass to Sinatra. See http://www.zorched.net/2007/06/04/active-directory-authentication-for-ruby-on-rails/
for an example.

paul
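
Added example, not part of the original posts and not code from Sinatra or any NTLM module: a Rack-style handler that takes the voter's identity only from `REMOTE_USER` (the value Sinatra exposes as `request.env['REMOTE_USER']`) and records one vote per user. The `VoteApp` class, the `DOMAIN\user` and `user@REALM` input forms, and the in-memory vote store are assumptions made for illustration.

```ruby
require 'set'

# Hypothetical Rack-compatible voting endpoint. Identity comes only from
# REMOTE_USER, which the authenticating front end places in the Rack env.
class VoteApp
  def initialize
    @voted = Set.new   # in-memory for the example; a unique DB key in practice
    @lock  = Mutex.new
  end

  # Assumed input forms: "CORP\Alice", "alice@CORP.EXAMPLE" or "alice".
  # Returns the lower-cased account name, or nil if missing or malformed.
  # Assumes a single domain, so the domain/realm part is dropped.
  def self.username(env)
    # Only REMOTE_USER is read. HTTP_REMOTE_USER and other HTTP_* keys are
    # request headers that any client can set, so they are never trusted.
    raw = env['REMOTE_USER'].to_s.strip
    m = raw.match(/\A(?:[^\\@]+\\)?([A-Za-z0-9._-]{1,64})(?:@[^\\@]+)?\z/)
    m && m[1].downcase
  end

  def call(env)
    user = self.class.username(env)
    return respond(401, 'no authenticated user') unless user

    # Set#add? returns nil when the element is already present.
    first_vote = @lock.synchronize { @voted.add?(user) }
    if first_vote
      respond(200, "vote recorded for #{user}")
    else
      respond(409, "#{user} has already voted")
    end
  end

  private

  def respond(status, text)
    [status, { 'Content-Type' => 'text/plain' }, [text]]
  end
end
```

The identity is only as trustworthy as the path it arrives on, so the app server should accept connections from the authenticating front end alone (for example by listening on localhost).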

Max Mitchell

Jan 8, 2009, 6:12:38 PM
to sina...@googlegroups.com
It'd be the latter. They've got to be logged in to get to the page,
but all I need to do is snag a username.

Looks like Mongrel can be configured to do NTLM and get the
REMOTE_USER (http://github.com/secobarbital/mongrel-ntlm/tree/master).

The examples shown are for Rails though
(http://mentalpagingspace.blogspot.com/2008/12/rails-to-windows-integration-single.html)
and not Mongrel.

Max



Markus Prinz

Jan 9, 2009, 5:24:17 AM
to sina...@googlegroups.com

On 09.01.2009, at 00:12, Max Mitchell wrote:

>
> It'd be the latter. They've got to be logged in to get to the page,
> but all I need to do is snag a username.
>
> Looks like Mongrel can be configured to do NTLM and get the
> REMOTE_USER (http://github.com/secobarbital/mongrel-ntlm/tree/master).
>
> The examples shown are for Rails though
> (http://mentalpagingspace.blogspot.com/2008/12/rails-to-windows-integration-single.html)
> and not Mongrel.

Looking through the code on github, I think you can pretty much ignore
the code in the blog post, which just appears to make the NTLM Mongrel
handler play nice with an existing Accounts controller in Rails.

g, Markus

Paul Vaillant

Jan 9, 2009, 11:00:27 AM
to sinatrarb
Also looking through the code, it seems at first glance that it will
only work if it's running on a Windows machine (which may or may not
be a problem for you). lib/mongrel_ntlm/rubysspi_extensions.rb
references the Win32 API, which I'm pretty sure is only in the Windows
version of ruby.

paul

Mario Ruiz

Jul 4, 2013, 7:31:23 AM
to sina...@googlegroups.com, max.mi...@gmail.com
In my case I'm using a Windows 7 Server with Ruby 1.8.7 and "thin", any idea on how to get the REMOTE_USER?

Don Hill

Jul 4, 2013, 11:22:22 AM
to sina...@googlegroups.com
I think that's a tricky one unless you are on IE using NTLM security. You may be able to set up IIS security against AD to perform this and then modify the header to pass the information to Sinatra.



