LDAP authentication for a HTML/JavaScript application - javascript

I am building a HTML/JavaScript application using AngularJS. It doesn't have a backend except some Perl scripts that spit JSON through a URL through which I display the data. One of the pages on this dashboard needs privileged access for which I had to add LDAP authorization.
The application is deployed on a WAMP server. Active directory is being used in the organization; but I am not quite sure how to establish the authentication in a pure html application without a backend. What is the usual process followed to handle such authorizations and how to achieve it?

You should write a web service (REST) in any language you want (JAVA C# PHP Node.js ...) who autenticate against your Open LDAP server and you'll consume it in AngularJS.
It's quite a classic problem.

Appears to be a perfect candidate for OpenID Connect. Use one of the many available libraries available.

Related

Suggestion: Single Page application architecture issue

I have written a web app (Single Page application) which has only frontend technologies involved (Vuejs) and when I compile it, it will ultimately generate web pages (only HTML and JS). I can run this app anywhere by opening the index page.I am consuming REST API powered by oAuth on this SPA (making direct Ajax call to REST API endpoints).
But the problem is, My lead developer is saying the SPA must be powered by back-end service (Server) for example nodejs, apache. And the backend should make call to the REST APIs not directly Ajax calls from the browser (Frontend JS ajax). My SPA app runs anywhere and works perfectly on browsers even without any server.
My question is, do I really need to render and run my SPA using webserver, whats the reasons behind making my SPA (Plain html, js) app server powered??
Also please suggest me, if people simply write app using JS and HTML (pure front end) and upload on the server and point a domain name to that html-js web app which will be consuming remote REST APIs.
Thank you for making my doubts clear in advance.
I have remote REST API provider, suggest me best way to write an SPA to consume that remote APIs.
There may be some reasons to setup a back-end service, for example:
Hide REST API endpoints
Setup your own caching / throttling / failovers etc. to REST API endpoints
Override / control REST API responses / requests
Still, you can use only pure html+js SPA, but adding back-end service gives you additional options, not possible to achieve on front-end.

run node.js server for chat app in e-commerce website

I want to add a chat app to my e-commerce website which offers one-to-one chat between the buyers and the sellers. After searching ,web sockets seems to be right for this but it requires node.js server and the rest of my website is in php with apache server. I have read that it is not good to run both apache and node server at the same time. For video chat I'm using appear.in's javascript api which has no such limitations.
How can I run the node.js app under this scenario?
There are plenty of web socket libraries for PHP, e.g. Ratchet.
If this is the only reason for you to move parts of you application to Node.js, you shouldn't necessarily do it.

how can i access mail from a microsoft exchange server using javascript?

I am trying to build a desktop app using electron that retrieves mail from a specific mailbox (microsoft exchange server), now, i have looked around and read that mailbox connection should be done server side (the question was made by a guy building a web based app that is a little bit similar to what i want to do), but, since i am not really deploying a node js server but rather using electron, which, as far as i understand is like a desktop app version of node, im not sure on which approach to take. Should i use an api? does microsoft has any interface for this? or should i use a third party integration for it?
It looks like the Exchange Web Services API is only provided as a CLR assembly, so if you wanted to use it you'd need to:
write a C# console app that you then spawn from your Electron app
(and communicate via stdin/stdout), or
use the EWS API in your Electron app via Edge.js
Alternatively, you could probably just directly communicate with the exchange server using SOAP messages, but that could be a bit tedious to implement.

Pure Javascript Front-end connecting to a BaaS (Can it be done?)

I am quite determined to do a pure Javascript front-end (Using JS and GWT) connecting to a back-end using Ajax on a separate server. My concern is with security.
What could be a solution for a Pure Front-end application?
For example, a user-generated content site:
When we look at it at a perspective of an app that to gain access to it it needs to ask user to login, so here Oauth can take over. The app is authenticated properly and access to any content is based on the authorization given.
The problem is here: For an application that can allow anonymous users to view user generated content without logging in thus there is no chance for Oauth to take place.
Connecting to a BaaS:
There will be no Java middleware to store application key for Baas access (e.g. Kinvey etc.)
Even if obfuscated the application key can easily be snooped from the HTTP requests.
What could be a solution for a Pure Javascript front-end to connect to a BaaS or independent backend? In terms of securing application keys? Where Baas or independent backend can know if it is to serve data to the requesting client (even its a web app) since its not from the same domain.

how to develop my website to show a authentication window(javascript) like the netgear routers show when connected to them..?

javascript or html ?i want to add a authentication required box like the netgear routers have ?how can i code my website to do so ?
You will need to follow these steps:
1)create a password file in your www folder
2)configure http.conf
Find a tutorial here
Neither. That's HTTP. Specifically, basic auth.
While this can be done in your server side programming language (e.g. in PHP and a Perl module), it is usually handled by your web server. The specifics depend, of course, on which web server you are using. For example, here are instructions for Apache HTTPD and for IIS.

Categories