External authentication

External authentication is perfect when you have an existing user database in another system. You can then configure Weavy to use your already existing user database for authentication.

Prerequisites

In order to configure external authentication the following things are required:

  • You have an existing user database.
  • You can implement and add an API endpoint (https) that Weavy can call for authentication.

Configuration

The following settings are required for Weavy to use external authentication.

Web server

The Weavy website in IIS must be configured with the following settings:

Anonymous Authentication = Enabled
Forms Authentication = Disabled
Windows Authentication = Disabled

Web.config

The web.config file should have the following configuration:

<appSettings>
<add key="weavy.custom-authentication-endpoint" value="https://..." />

</appSettings>
...
<system.web>
<authentication mode="None" />

</system.web>

The weavy.custom-authentication-endpoint should point to an url that implements the external authentication specification.

Authentication Endpoint

When a custom authentication endpoint is supplied, Weavy will try to call the endpoint when a user tries to sign in into Weavy.

POST https://www.myapp.com/authenticate HTTP/1.1
Content-Length: 45
Content-type: application/json; charset=utf-8

{username: "username", password: "password" }
Example authentication request that Weavy will send to your authentication endpoint

It’s up to the developer of the api endpoint to authorize and authenticate the user and send back a status 200 OK with a valid JSON Web Token.

Not Authorized

If the user was not found or authorized in the external application, the api should return corresponding status codes, i.e. 404 Not Found or 401 Unauthorized.

Single sign-on

It's recommended to combine the external authentication with Single sign-on in the client. This provides a way for the users to seamlessly get signed in into weavy as long as they are signed in to your web app. The Single sign-on utilizes JWT tokens the same way External Authentication does.

Read more about setting up JWT tokens for use with Single sign-on. Configuring JWT