NTLM Windows Authentication

Follow these steps to authenticate your users with Windows Authentication via Microsoft's NTLM challenge-response protocol.  

Windows Authentication requires that you install and use the optional EMS Platform Services API.

User Login Scenario

Once you have established a connection to the EMS Platform Services API, the user log-in process is as follows:

  • Users will enter domain credentials to log into their EMS product.
  • EMS will send credentials to the EMS Platform Services API.
  • IIS will intercept the call and issue a challenge.
    • The EMS access point (e.g., EMS Mobile App, EMS Web App, etc.) will then perform all steps necessary to complete process with the user's provided credentials.
  • EMS Platform Services API receives the initial request and extract the authenticated user from the IIS context.
  • EMS Platform Services API will verify the authenticated user against the EMS database.
  • User will be taken to the Home screen.

If the credentials are missing when the user taps Sign In, an error message will appear indicating that fields are required. If the EMS Platform Services API is unable to verify the authenticated user, or if IIS rejects the request due to failed authentication, EMS will inform the user.

Test Your Windows Authentication

Assuming you installed the EMS Platform Services API at https://Yourcompany.com/EmsPlatform, then you can test the authentication with a curl command:

curl -X POST -H "x-ems-consumer: MobileApp" -H "Content-Type: application/json" --ntlm  -u your_username:your_password -vvvv -d '{}'  "https://ems.yourcompany.com/endpoint...authentication"

...where your_username and your_password are your credentials.

api/v1/authentication is the endpoint within the API where your request must be sent.