NTLM Windows Authentication

Follow these steps to authenticate your users with Windows Authentication via Microsoft's NTLM challenge-response protocol.  

Windows Authentication requires you to install and use the optional EMS Platform Services API.

User Login Scenario

Once you establish a connection to the EMS Platform Services API, the user sign-in process is as follows:

  • Users enter domain credentials to sign in to their EMS product.
  • EMS sends credentials to the EMS Platform Services API.
  • IIS intercepts the call and issues a challenge.
    • The EMS access point, for example, EMS Web App, and so on, then performs all steps necessary to complete process with the user's provided credentials.
  • EMS Platform Services API receives the initial request and extract the authenticated user from the IIS context.
  • EMS Platform Services API verifies the authenticated user against the EMS database.
  • User is navigated to the Home screen.

If the credentials are missing when the user taps Sign In, an error message appears indicating the required fields. If the EMS Platform Services API is unable to verify the authenticated user, or if IIS rejects the request due to failed authentication, EMS informs the user.

Test Your Windows Authentication

Assuming you installed the EMS Platform Services API at https://Yourcompany.com/EmsPlatform, you can test the authentication with the following curl command where your_username and your_password are your credentials.

curl -X POST -H "x-ems-consumer: MobileApp" -H "Content-Type: application/json" --ntlm  -u your_username:your_password -vvvv -d '{}'  "https://ems.yourcompany.com/endpoint...authentication"

api/v1/authentication is the endpoint within the API where your request must be sent.