How to recognize user automatically (LDAP, AD)

Dear all,

I’m looking for a solution for an internal web app, to be used by a known list of users in the corporation. All users need to log in to their computers using a domain account on Microsoft Windows. I don’t know by what technologies, but many internal sites have the ability to detect the username automatically (for example, when I visit https://intraweb/ I don’t need to do any login, but they know my user and show my name in the top right corner of the site). This also works when I’m outside and connect to corporate using VPN.

As a newcomer to Django, I wonder if I could achieve this with Django? Which are the keywords to search for further documents?
I don’t want to use any login form with username/password because the password information of a domain user is very sensitive and that way causes an uncomfortable feeling for the end user. On the other hand, this app doesn’t need to be very secure because the set of users is known and within the organization (not available from the internet).

Many thanks!
Best Regards,
Tony Ng

tl;dr It can be done. I’ve done it in the past for Java, PHP, and Python applications, but not Django. The process for doing this involves a defined protocol that is performed by the browser when connecting to the web server.

The easiest way that I am familiar with doing this is using the web server to perform the authentication, and then having the web server pass the logged-in user name to the application.

In part, it’s highly dependent upon which web server you are using in front of Django, whether it’s IIS, Apache, nginx, or something else.

For example, if you’re running Django under uwsgi, behind an Apache web server, you’re going to want to install mod_auth_kerb and configure it to handle the authentication negotiation with the browser. (See http://modauthkerb.sourceforge.net/install.html and http://www.microhowto.info/howto/configure_apache_to_use_kerberos_authentication.html to help you get started. Also, if your users aren’t using IE or Edge, read the links embedded in the latter regarding the configuration required for Firefox and Chrome to work.)
I will admit, getting this working for me was a matter of a lot of trial and error. (Try, watch it fail, google for an answer, try, watch it fail, etc, etc.)

However, the end result of this allows the web server to inject another HTTP header containing the user name of the person logging in. The Django side of this, then, is to look for this header and take some action based on it. Depending upon your specific requirements, you may want to create a Django user corresponding to the user name being presented. When we did that, we queried AD (using the LDAP interface) to get the information we needed about the user, and populated tables accordingly.

Start with https://docs.djangoproject.com/en/3.0/howto/auth-remote-user/.
I also found a blog post, https://www.sipios.com/blog-tech/automatic-login-in-a-django-application-using-external-authentication, that looks pretty good. (Admittedly, I haven’t read it in great detail, but I scanned through most of it and it looks like it hits all the important points.)

Key terms that you’re going to encounter and probably will want to read about in various degrees of detail include SPNEGO, GSS, and Kerberos. You won’t need to understand the details of how they work, but you should have enough of an understanding of what they do to know how they fit into the bigger picture.
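
The hand-off described in the answer above (web server authenticates, application reads the user name) is only safe if the application accepts an identity the web server set and never one the client sent. The following is an added example, not code from this thread or from Django: a plain WSGI wrapper that drops look-alike request headers, checks the Kerberos realm and normalizes the principal before the application sees it. It assumes the server passes the identity as the `REMOTE_USER` environ variable in `user@REALM` form; the realm, the header names and `demo_app` are constructed for illustration.

```python
import re

# Constructed values for illustration; replace with your own realm.
EXPECTED_REALM = "CORP.EXAMPLE.COM"
# Client-supplied request headers that could imitate an identity (assumed names).
SPOOFABLE = ("HTTP_REMOTE_USER", "HTTP_X_REMOTE_USER", "HTTP_X_FORWARDED_USER")
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def principal_to_username(principal, realm=EXPECTED_REALM):
    """Map 'Tony.Ng@CORP.EXAMPLE.COM' to 'tony.ng'; None if not acceptable."""
    if not principal or principal.count("@") != 1:
        return None
    user, got_realm = principal.split("@")
    if got_realm != realm or not USERNAME_RE.fullmatch(user):
        return None
    return user.lower()  # AD account names are case-insensitive


class TrustedRemoteUser:
    """WSGI wrapper that keeps only the identity set by the web server."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        # Request headers reach WSGI as HTTP_* keys and are client-controlled.
        for key in SPOOFABLE:
            environ.pop(key, None)
        user = principal_to_username(environ.get("REMOTE_USER"))
        if user is None:
            environ.pop("REMOTE_USER", None)
            start_response("401 Unauthorized", [("Content-Type", "text/plain")])
            return [b"Kerberos authentication required\n"]
        environ["REMOTE_USER"] = user  # what the application will see
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Stand-in for the Django WSGI application."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("Hello " + environ["REMOTE_USER"]).encode()]


def run(environ):
    """Send one constructed request through the wrapper; return (status, body)."""
    seen = {}
    body = TrustedRemoteUser(demo_app)(dict(environ), lambda s, h: seen.update(status=s))
    return seen["status"], b"".join(body)
```

If the front-end instead forwards the user name as an HTTP header, the stripping has to happen on that front-end server, which must always overwrite the header itself.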

Dear KenWhitesell,

Thank you very much for your kind help! This is exactly what I was looking for. I will study the materials you provided carefully.

Best regards,
Tony Ng