This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
I have a JBoss web application that currently uses FORM-based authentication to request a userid/password from a user and once submitted, a custom login module contacts a custom security service to authenticate the user. This works perfectly.
I now want to change this scenario to be able to auto-detect the userid/password with which the user logged into his Windows workstation, pass this information along with the initial HTTP request, have the custom login module contact the custom security service and authenticate the user. In the case the credentials are not valid, display the "denied" version of the form and let the user enter a different userid/password.
I have been researching this, read many articles about windows integration authentication and tried to prototype something that works. I have applied changes to IE as the articles describe but I bypass the instructions for configuring the server to use login modules that authenticate the credentials with Windows itself because this is not what I need to do. Unfortunately, I have yet to get my scenario to work.
Has anyone ever tried to do this? Does anyone know if it is even possible? All thoughts, suggestions, etc. are greatly appreciated.