Secure Node-Red with IIS Reverse Proxy

Hello,

my Node-Red is installed on a Windows Server 2022. To secure the Node-Red editor, an IIS reverse proxy with Windows Authentication (Negotiate) was installed. The IIS application pool was configured with a service user for which an SPN is configured. In Node-Red the adminAuth part of the settings file was commented out. When I call the IIS site, SSO works and it redirects me to Node-Red. The authentication works. That is the first line of protection.

But I want to use permissions (* and read) too. For this I have uncommented the adminAuth part and created an admin user and a default user. After the config, I call the site again. I can see that the default user is there -> works.

Now the problem: the default user has read permissions only, which is OK for the readers. But I get a loop of Windows user/password prompts when I try to log on as the admin user in the Node-Red GUI, even when I enter the correct credentials. I think Node-Red triggers the authentication script and, via the HTTP header, IIS triggers the Windows authentication again. How can I fix this? Has anyone had the same problem and solved it?

Does anyone know a better solution for SSO, Windows authentication and configuring permissions?

Best regards,
Markus
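For readers following the setup above, this is the shape of the Node-RED adminAuth block that gives one user full editor access and everyone else read-only access. It is an added illustration, not the poster's settings file; the username and the bcrypt hash are placeholders.

```javascript
// settings.js excerpt (added example, not from the original post).
// Node-RED's built-in "credentials" adminAuth: a named admin with "*"
// permissions and a read-only default for anyone who has not logged in.
module.exports = {
    adminAuth: {
        type: "credentials",
        users: [
            {
                username: "admin", // placeholder, use your own admin name
                // bcrypt hash of the password; generate one with
                //   node-red admin hash-pw
                // and paste the output here (placeholder value below)
                password: "$2b$08$PLACEHOLDER_BCRYPT_HASH",
                permissions: "*"
            }
        ],
        // Users who open the editor without logging in get this role.
        // "read" lets them view flows but not deploy or change anything.
        default: {
            permissions: "read"
        }
    }
};
```

With this in place the editor itself only asks for a login when a user clicks the login entry to elevate from the read-only default, which is the request that the IIS layer in front must let through without re-challenging.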