Active Directory / IE Auto Authentication

Has anyone been able to get some sort of Active Directory auto login
functionality working in a rails app? Doesn't IE make available some
kind of ldap token that I could grab?

Thanks,
Kevin

You're thinking about Kerberos.

If you're using Apache as a web server then you can use something like
http://modauthkerb.sourceforge.net/ to authenticate the user and pass
the username through to as a variable.

I don't want apache handling authentication for me, my rails app is
handling authentication. What I want is if the user is logged into
the domain and using IE, be able to grab their active directory
username. And if they aren't using IE, my rails app will present them
with a login form.

Thanks,
Kevin

Yes. What you're talking about is Integrated Windows Authentication
(i.e. SPNEGO). This is basically Internet Explorer passing Kerberos or
NTLM tokens if the web server supports it or falling back to HTTP
Basic auth otherwise.

This means that either your rails app needs to be able to talk SPNEGO
itself (which would be complicated to implement) or you have to rely
on the web server for authentication. Once the web server has done the
authentication you can read the username in your rails app through a
HTTP environment variable.

I know thats not precisely what you want, but that is what is
available.

Matthew