Secure Node-Red with IIS Reverse Proxy

Hello,

my Node-Red is installed on a Windows Server 2022. To secure the node-red editor an IIS Reverse Proxy with Windows-Authentication (Negotiate) was installed. The IIS application pool was configured with an service-user for which is SPN configured. In node-red the adminAuth part of the settings-file was commented out. When I call the IIS Site, SSO is working and it rewrites me to the node-red. The authentication works. That is the first protection line.

But I want to use permissions (* and read) too. For this I have commented in the adminAuth part and created an admin-user and a default-user. After the config, I call the site again. I can see that the default-user is there. -> works.

Now the problem: The default-user have read permissions only, that's OK for the readers. But I got a loop of windows user/password prompts when I try to logon the admin-user in the node-red GUI. Even when I entered the correct credentials. I think node-red triggers the authentication script and over the http-header the IIS triggers the windows authentication again. How can I fix this? Does anyone had the same problem and solved it?

Does anyone know a better solution for SSO, windows authentication and configure permissions?

Best regards,
Markus

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.