[Support] WindowsAuthenticate then access Auth::user() inside controllers.

[khgar]

Environment:

• LDAP Server Type: ActiveDirectory
• LdapRecord-Laravel Major Version: V2
• PHP Version: 8.2

Describe the question:

I need to use Windows authentication to automatically log in users inside my application. The frontend is Vue.js, and the backend is Laravel. I'm using Passport for tokens.

So, I've used LDAP-Record with basic authentication, and everything was working fine. However, when I want to switch to Windows Authentication, everything goes wrong.

I followed the documentation here: https://ldaprecord.com/docs/laravel/v3/auth/sso/setup. It seems to lack information about APIs using Passport, but that's not my main issue.

Inside /ldaprecord-laravel/src/Middleware/WindowsAuthenticate.php everything work fine users are found and logged in. However, when I try to access my user inside controllers using Auth::user() or Auth::guard('web')->user(), it's empty. The weird part is that in my application.blade, Auth::user() is filled with the correct values.

config/auth.php is classic :

    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],
        'api' => [
            'driver' => 'passport',
            'provider' => 'users',
        ],
    ],

Kernel.php :

  protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
            \LdapRecord\Laravel\Middleware\WindowsAuthenticate::class,
        ],

        'api' => [
            // \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
            \Illuminate\Routing\Middleware\ThrottleRequests::class . ':api',
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
    ];

I don't really understand why my users are authenticated but cannot access, and if I need to add something more to use Windows Authentication with an API using Passport.

If anyone already struggle with this and can explain how it's done ? Any assistance would be greatly appreciated.

[stevebauman]

Hi @khgar,

I don't use Laravel Passport (and never really have) so I can try to help, but my knowledge is pretty slim on the subject and that's why I don't have documentation for it. If you end up getting it working and have things to add to the docs, that'd be great if you could PR it! 🙏

If you're authenticating your users by Laravel Passport in a separate guard, then try specifying the guard before calling the Auth::user() method. Ex: Auth::guard('api')->user().

Also, the WindowsAuthentication middleware accepts a guard that the user should be logged into. Try specifying it there as well:

protected $middlewareGroups = [
    'api' => [
        // ...
        \LdapRecord\Laravel\Middleware\WindowsAuthenticate::class.':api', // <-- Added "API" guard as an argument.
    ],
];

Give these a shot and let me know how you make out 👍

[stevebauman]

Closing due to inactivity.