Devise Facebook Omniauth login with connect and disconnect functionality

When talking about user authentication in Rails land there is one name that generally stands above all the other available gems. That name is Devise.

I would not be far wrong to call it the de facto standard of Rails authentication, considering how long it has been around and the vast documentation it has under its belt.

Regarding, for example, the OAuth2 functionality, there is a well documented page in the wiki that describes how to implement it for Facebook.

Unfortunately, what is presented in the documentation doesn't always blend well with the other features of an application.

Add a column for account recovery documentation by runasand · Pull Request #1348 · 2factorauth/twofactorauth

NTLM authentication for Rails from inside Microsoft™ Active Directory

I ended up with a decent setup in which the whole authentication is handled by IIS on a Windows machine that lives inside the Active Directory tree, adapted from these instructions.

IIS acts as a reverse proxy in front of your Rails app (typically installed on a *nix server, Apache + Passenger in my case).

The trick is to configure IIS to handle NTLM (the "Windows Authentication" feature) and then add the IIRF plugin, which essentially reproduces the mod_rewrite/mod_proxy API on IIS.

Here’s an iirf.ini example:

# NOTE: 
# This file should be placed in the IIS document root 
# for the application

StatusInquiry ON
RewriteLogLevel 3
RewriteLog ....TEMPiirf
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^.*$ - [L]
ProxyPass ^/(.*)$ http://1.2.3.4:80/$1
ProxyPassReverse / http://1.2.3.4/

With this setup you can rely on IIS to perform the authentication: the Rails app only ever sees requests that have already passed Windows Authentication, with the NTLM message still present in HTTP_AUTHORIZATION. Two things have to hold for that to be true: anonymous authentication must be disabled on the IIS site, and the Rails host (1.2.3.4 above) must not be reachable except through IIS, otherwise anyone who can talk to it directly can hand-craft the header and impersonate any user.

To parse the user data from the auth header I used net-ntlm. Note that a Negotiate header may carry an SPNEGO/Kerberos token rather than a raw NTLM message; net-ntlm can only decode the latter, so the decode below fails for Kerberos clients.

require 'kconv'
require 'net/ntlm'

# IIS forwards the final (Type 3) NTLM message of the handshake; only that
# message carries the user name, encoded as UTF-16LE when the unicode flag is set.
if /^(NTLM|Negotiate) (.+)/ =~ env["HTTP_AUTHORIZATION"]
  encoded_message = $2
  message = Net::NTLM::Message.decode64(encoded_message)
  if message.is_a?(Net::NTLM::Message::Type3)
    user   = Net::NTLM::decode_utf16le(message.user)
    domain = Net::NTLM::decode_utf16le(message.domain)
  end
end
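The same extraction, written out in full as an added example (not the post's own code and not using net-ntlm) so the trust boundary is visible: the helper only accepts the header when the request arrived from the IIS proxy (the proxy address is an assumed value), parses the NTLM Type 3 message itself, and returns nil for Type 1/2 handshake messages and for the Kerberos blobs a Negotiate header can carry. The sample requests at the bottom are constructed, not captured traffic.

```ruby
require 'base64'

# Hypothetical Rack-style helper, added as an example. It trusts
# HTTP_AUTHORIZATION only when REMOTE_ADDR is the IIS host, then parses the
# NTLM Type 3 message IIS forwards after a completed handshake. Kerberos
# tokens have no NTLMSSP signature and Type 1/2 messages carry no user name,
# so both yield nil instead of a bogus identity.
module NtlmProxyAuth
  PROXY_ADDR   = '10.0.0.5'.freeze       # assumed: address of the IIS reverse proxy
  SIGNATURE    = "NTLMSSP\0".b.freeze    # fixed 8-byte prefix of every NTLM message
  FLAG_UNICODE = 0x00000001              # NTLMSSP_NEGOTIATE_UNICODE: strings are UTF-16LE

  # Returns [domain, user, workstation] or nil when the request did not come
  # through the proxy or the header holds no parseable Type 3 message.
  def self.user_from_env(env)
    return nil unless env['REMOTE_ADDR'] == PROXY_ADDR
    m = /\A(NTLM|Negotiate) ([A-Za-z0-9+\/=]+)\z/.match(env['HTTP_AUTHORIZATION'].to_s)
    return nil unless m
    parse_type3(Base64.strict_decode64(m[2]))
  rescue ArgumentError                    # malformed base64
    nil
  end

  # Type 3 layout: signature(8) type(4), six 8-byte security buffers
  # (LM resp, NTLM resp, domain, user, workstation, session key), flags(4), payload.
  def self.parse_type3(msg)
    return nil unless msg.bytesize >= 12 && msg.byteslice(0, 8) == SIGNATURE
    return nil unless msg.byteslice(8, 4).unpack1('V') == 3   # Type 1/2 carry no user name
    return nil unless msg.bytesize >= 64
    flags = msg.byteslice(60, 4).unpack1('V')
    domain, user, workstation = [28, 36, 44].map { |off| security_buffer(msg, off, flags) }
    return nil if user.nil? || user.empty?
    [domain, user, workstation]
  end

  # A security buffer is len(2) maxlen(2) offset(4), little-endian, pointing into the payload.
  def self.security_buffer(msg, off, flags)
    len, _maxlen, start = msg.byteslice(off, 8).unpack('vvV')
    return nil if start + len > msg.bytesize               # buffer points outside the message
    raw = msg.byteslice(start, len)
    src = (flags & FLAG_UNICODE).zero? ? 'ASCII-8BIT' : 'UTF-16LE'   # OEM charset treated as ASCII
    raw.force_encoding(src).encode('UTF-8', invalid: :replace, undef: :replace)
  end

  # Builds a Type 3 message for the constructed sample. The LM/NTLM responses
  # are dummy zero bytes: IIS already verified them, the app never does.
  def self.build_type3(domain:, user:, workstation:, unicode: true)
    enc = ->(s) { unicode ? s.encode('UTF-16LE').b : s.b }
    fields = ["\0".b * 24, "\0".b * 24, enc[domain], enc[user], enc[workstation], ''.b]
    offset = 64                                             # payload starts right after the flags
    buffers = fields.map do |f|
      buf = [f.bytesize, f.bytesize, offset].pack('vvV')
      offset += f.bytesize
      buf
    end
    SIGNATURE + [3].pack('V') + buffers.join + [unicode ? FLAG_UNICODE : 0].pack('V') + fields.join
  end

  def self.header_for(domain:, user:, workstation:, unicode: true)
    'NTLM ' + Base64.strict_encode64(build_type3(domain: domain, user: user,
                                                 workstation: workstation, unicode: unicode))
  end
end

# Constructed sample requests (not captured traffic).
if __FILE__ == $PROGRAM_NAME
  good = { 'REMOTE_ADDR' => NtlmProxyAuth::PROXY_ADDR,
           'HTTP_AUTHORIZATION' => NtlmProxyAuth.header_for(domain: 'CORP', user: 'jdoe', workstation: 'WS01') }
  p NtlmProxyAuth.user_from_env(good)                                        # ["CORP", "jdoe", "WS01"]
  p NtlmProxyAuth.user_from_env(good.merge('REMOTE_ADDR' => '203.0.113.9'))  # nil: bypassed the proxy
end
```

The REMOTE_ADDR check is the minimum; if the proxy and the app are not on a private link, a shared secret header set by IIS (and stripped from anything arriving from elsewhere) is the more robust way to prove the request really traversed the proxy.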

After that you can also query Active Directory over LDAP to fetch further details about the user.