I have a JBoss web application that currently uses FORM-based authentication to request a userid/password from a user and once submitted, a custom login module contacts a custom security service to authenticate the user. This works perfectly.
I now want to change this scenario to be able to auto-detect the userid/password with which the user logged into his Windows workstation, pass this information along with the initial HTTP request, have the custom login module contact the custom security service and authenticate the user. In the case the credentials are not valid, display the "denied" version of the form and let the user enter a different userid/password.
I have been researching this, read many articles about windows integration authentication and tried to prototype something that works. I have applied changes to IE as the articles describe but I bypass the instructions for configuring the server to use login modules that authenticate the credentials with Windows itself because this is not what I need to do. Unfortunately, I have yet to get my scenario to work.
Has anyone ever tried to do this? Does anyone know if it is even possible? All thoughts, suggestions, etc. are greatly appreciated.
posted 8 years ago
This blog entry talks about using the Windows Login for web apps, and indicates that it is possible without too much work.