A JavaScript-based system cannot use Windows authentication directly in the browser. Windows Authentication is not an option in a client-side form technology because you cannot obtain a Windows user's username and password in JavaScript. That only works with a server-side technology like ASP.NET. Even with ASP.NET, it won't work in browsers other than Internet Explorer, which in the modern technology world can be quite limiting.
A client-side form technology has to use some sort of access-token-based system in which the access token can be stored in a cookie. Many modern OAuth2-based authentication systems, such as Windows Azure Active Directory, Salesforce and Google, work on the same principle, and this is well supported by AgilePoint because it supports a bring-your-own-identity concept.
If it were a question of SSO only, you could synchronize your on-premises AD with Windows Azure AD via ADFS and use it on the AgilePoint portal, whether it is hosted on-premises or in the cloud. That kind of solution is quite popular because it also gives you the option of using Azure authentication in other solutions. This is particularly good for clients who are in the process of moving their on-premises systems to the cloud, since Azure AD is supported by a lot of vendors.
However, if your systems are mainly on-premises, configuring Active Directory Federation Services (ADFS 3) is a good option as well. Because ADFS is a relatively complex configuration, I recommend working with the AgilePoint services team to get it configured properly, as they have helped numerous customers with ADFS 3.0 and ADFS 4.0 configuration.
Hi,
How can I create form-based authentication without using any third-party service such as IdentityServer?
Thanks
You could create a simple login and registration service where external users can register and their credentials are stored in a database, and then you can provide them with a login option to log in with those credentials. The authentication module in AgilePoint can be extended to handle multiple authentication types with some one-time customization of the authentication module. For example, all users would use the same login screen, but internal users whose usernames have a domain appended would be authenticated against Active Directory, and external users who do not have a domain name can be authenticated against a custom database. You can discuss this approach with your AgilePoint technical point of contact, and he can help with the effort estimate and implementation of that security module.
However, personally I do not recommend unnecessarily opening your portal to external users. There is already a much better approach. You could create a lightweight client-facing portal in the technology of your choice and do authentication whichever way you want, and AgilePoint would just do authorization for you. You could embed AgilePoint Work Center and eForms in your client-facing portal, and they will work with the authentication used on the portal. This is already covered in some of my other blog posts. This is an approach IT usually likes when working with external users.
https://www.agilepointnxblog.com/natively-embed-agilepoint-nx-end-user-components-in-third-party-web-portals/
This part will need one-time work from an AgilePoint consultant, so if interested, please discuss it with your AgilePoint account manager.
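
The single login screen described in the reply above, sketched as an added example for Node.js (it is not AgilePoint code and not from the original post). The `verifyAd` callback, the allow-list of internal domains and the in-memory `Map` standing in for the custom database are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');
const KEY_LEN = 32;
// Hash a password with scrypt and a per-user random salt.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const hash = crypto.scryptSync(password, salt, KEY_LEN);
  return { salt: salt.toString('hex'), hash: hash.toString('hex') };
}
// Record checked for unknown users, so both cases cost one scrypt call.
const DUMMY = hashPassword(crypto.randomBytes(16).toString('hex'));

// Split "DOMAIN\user" or "user@domain"; a bare name has no domain.
function parseUsername(raw) {
  const name = String(raw).trim();
  const down = name.match(/^([^\\@]+)\\([^\\@]+)$/);
  if (down) return { domain: down[1].toUpperCase(), user: down[2] };
  const upn = name.match(/^([^\\@]+)@([^\\@]+)$/);
  if (upn) return { domain: upn[2].toUpperCase(), user: upn[1] };
  return { domain: null, user: name };
}

function verifyExternal(db, key, password) {
  const rec = db.get(key);
  const { salt, hash } = rec || DUMMY;
  const actual = crypto.scryptSync(password, Buffer.from(salt, 'hex'), KEY_LEN);
  const match = crypto.timingSafeEqual(actual, Buffer.from(hash, 'hex'));
  return match && rec !== undefined;
}

// deps.verifyAd is a hypothetical callback standing in for the real AD check.
function authenticate(raw, password, deps) {
  // Reject empty passwords first: an LDAP simple bind with an empty
  // password can succeed as an unauthenticated bind.
  if (typeof password !== 'string' || password.length === 0) return { ok: false };
  const { domain, user } = parseUsername(raw);
  if (domain && deps.internalDomains.has(domain)) {
    const adOk = deps.verifyAd(domain, user, password) === true;
    return adOk ? { ok: true, source: 'ad', user: `${domain}\\${user}` } : { ok: false };
  }
  // Everything else, e-mail style names included, is an external account.
  const key = String(raw).trim().toLowerCase();
  const ok = verifyExternal(deps.db, key, password);
  return ok ? { ok, source: 'db', user: key } : { ok: false };
}

// Constructed sample data, not from the original page.
const sampleDeps = {
  internalDomains: new Set(['CORP']),
  verifyAd: (d, u, p) => d === 'CORP' && u === 'bob' && p === 'Winter-2024',
  db: new Map([['alice@example.com', hashPassword('correct horse')]]),
};
```

Every failure returns the same `{ ok: false }` shape, so the login response does not reveal which store was consulted or whether the account exists.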