MDrivenServer with Windows authentication
(Created page with "This article constitutes the documentation for configuring the MDrivenServer to use Windows authentication instead of password/username as with the default authentication. MD...")
 
(Automatically adding template at the end of the page.)
 
(6 intermediate revisions by 2 users not shown)
Line 1: Line 1:
This article constitutes the documentation for configuring the MDrivenServer to use Windows authentication instead of password/username as with the default authentication.
This article constitutes instructions for configuring the MDrivenServer to use Windows Authentication instead of password/username as with the default authentication.


MDrivenServer is a web application that has a UI and several WCF services. The authentication is different for web applications and WCF services but both needs are covered in this article.
MDrivenServer is a web application that has a UI and several WCF services. Authentication differs for web applications and WCF services, but both needs are covered in this article.


The MDrivenServer is mostly used as a integrated part of a MDriven Turnkey installation – but it is equally correct to  run clients straight towards MDrivenServer.
The MDrivenServer is mostly used as an integrated part of an MDriven Turnkey installation – but it is equally correct to run clients straight toward MDrivenServer.


In IIS turn on Windows authentication:
In IIS, turn on Windows Authentication:
[[File:Server - 1.png|none|frame|457x457px]]
[[File:Server - 1.png|none|frame|457x457px]]


If you do not have the line Windows Authentication you need to add the role to your IIS server.
If you do not have the line Windows Authentication, add the role to your IIS server.


Start MDrivenServer and navigate to <yoursite>/AccessFromServer.aspx
Start MDrivenServer and navigate to <yoursite>/AccessFromServer.aspx
[[File:Server - 2.png|none|frame|442x442px]]
[[File:Server - 2.png|none|frame|442x442px]]


Press the Use Windows Auth – what this does is to make change web.config sections.
Press the Use Windows Auth – this makes changes to the web.config sections.


The Web.config has the attribute configSource  and it “lifts in” other files doing the actual configuration.
The Web.config has the attribute configSource - it “lifts in” other files doing the actual configuration.


The current such configuration parts all reside in the App_Data folder and are called:<blockquote>WebServices_ActualWFC.config This is the actual configuration setting up WCF endpoints as being SSL aware or not.</blockquote><blockquote>WebServices_SecurityWCFActual.config This is the actual configuration for WCF bindings and how they should authenticate.</blockquote><blockquote>WebServices_SecurityWEBUIActual.config This is the actual configuration for the web applications authentication mode</blockquote>All the config parts that has the name Actual in them has 2 alternatives:<blockquote>WebServices_ActualWFC.config either has the content from Webservices_NoSSL.config or Webservices_WithSSL.config</blockquote><blockquote>WebServices_SecurityWCFActual.config  has the content from WebServices_SecurityWCFForms.config or WebServices_SecurityWCFWindows.config</blockquote><blockquote>WebServices_SecurityWEBUIActual.config has the content from WebServices_SecurityWEBUIForms.config or WebServices_SecurityWEBUIWindows.config</blockquote>The buttons “Use Forms Auth” and “Use Windows Auth” actually just copy the correct file to WebServices_SecurityWCFActual and WebServices_SecurityWEBUIActual.
The current configuration parts all reside in the App_Data folder and are called:<blockquote>WebServices_ActualWFC.config - This is the actual configuration setting up WCF endpoints as being SSL aware or not.</blockquote><blockquote>WebServices_SecurityWCFActual.config - This is the actual configuration for WCF bindings and how they should authenticate.</blockquote><blockquote>WebServices_SecurityWEBUIActual.config - This is the actual configuration for the web applications authentication mode</blockquote>All the config parts that have the name Actual in them have two alternatives:<blockquote>WebServices_ActualWFC.config either has the content from Webservices_NoSSL.config or Webservices_WithSSL.config</blockquote><blockquote>WebServices_SecurityWCFActual.config has the content from WebServices_SecurityWCFForms.config or WebServices_SecurityWCFWindows.config</blockquote><blockquote>WebServices_SecurityWEBUIActual.config has the content from WebServices_SecurityWEBUIForms.config or WebServices_SecurityWEBUIWindows.config</blockquote>The buttons <code>Use Forms Auth</code> and <code>Use Windows Auth</code> copy the correct file to WebServices_SecurityWCFActual and WebServices_SecurityWEBUIActual.


The buttons “Use SSL setting” and “Use HttpOnly Setting” copy the correct file to WebServices_ActualWFC.
The buttons <code>Use SSL setting</code> and <code>Use HttpOnly Setting</code> copy the correct file to WebServices_ActualWFC.


Once you have configured Windows Authentication you will see you domain name here:
Once you have configured Windows Authentication, you will see your domain name here:
[[File:Server - 3.png|none|frame|228x228px]]
[[File:Server - 3.png|none|frame|228x228px]]


To effectively use the services the caller must be authenticated and authorized.
To effectively use the services, the caller must be authenticated and authorized.


The authorization is controlled by User Admin (<your site>/admin/UsersAndRolesAdmin.aspx).
The authorization is controlled by User Admin (<your site>/admin/UsersAndRolesAdmin.aspx).
[[File:Server - 4.png|none|frame|394x394px]]
[[File:Server - 4.png|none|frame|394x394px]]


You need to check that “Admin Require Identification” in order to stop anyone authenticated doing changes. You need to check “Services require identification” in order to stop anyone authenticated to access the WCF-Services. If you do you must add the account running the MDrivenServer WebApplication to the list since it must be able to use the WCF services in order to work.
Check “Admin Require Identification” to stop anyone authenticated from making changes, and check “Services require identification” to stop anyone authorized from accessing the WCF-Services. If you do, you must add the account running the MDrivenServer WebApplication to the list since it must be able to use the WCF services to work.


Assign the role “SuperAdmin” to the app-pool user and the developers you want to control the executed model.
Assign the role “SuperAdmin” to the app-pool user and the developers you want to control the executed model.


Assign the role “AppUser” to others.
Assign the role “AppUser” to others.
[[Category:MDriven Server]]
{{Edited|July|12|2024}}

Latest revision as of 15:36, 10 February 2024

This article constitutes instructions for configuring the MDrivenServer to use Windows Authentication instead of password/username as with the default authentication.

MDrivenServer is a web application that has a UI and several WCF services. Authentication differs for web applications and WCF services, but both needs are covered in this article.

The MDrivenServer is mostly used as an integrated part of an MDriven Turnkey installation – but it is equally correct to run clients straight toward MDrivenServer.

In IIS, turn on Windows Authentication:

Server - 1.png

If you do not have the line Windows Authentication, add the role to your IIS server.

Start MDrivenServer and navigate to <yoursite>/AccessFromServer.aspx

Server - 2.png

Press the Use Windows Auth – this makes changes to the web.config sections.

The Web.config has the attribute configSource - it “lifts in” other files doing the actual configuration.

The current configuration parts all reside in the App_Data folder and are called:

WebServices_ActualWFC.config - This is the actual configuration setting up WCF endpoints as being SSL aware or not.

WebServices_SecurityWCFActual.config - This is the actual configuration for WCF bindings and how they should authenticate.

WebServices_SecurityWEBUIActual.config - This is the actual configuration for the web applications authentication mode

All the config parts that have the name Actual in them have two alternatives:

WebServices_ActualWFC.config either has the content from Webservices_NoSSL.config or Webservices_WithSSL.config

WebServices_SecurityWCFActual.config has the content from WebServices_SecurityWCFForms.config or WebServices_SecurityWCFWindows.config

WebServices_SecurityWEBUIActual.config has the content from WebServices_SecurityWEBUIForms.config or WebServices_SecurityWEBUIWindows.config

The buttons Use Forms Auth and Use Windows Auth copy the correct file to WebServices_SecurityWCFActual and WebServices_SecurityWEBUIActual.

The buttons Use SSL setting and Use HttpOnly Setting copy the correct file to WebServices_ActualWFC.

Once you have configured Windows Authentication, you will see your domain name here:

Server - 3.png

To effectively use the services, the caller must be authenticated and authorized.

The authorization is controlled by User Admin (<your site>/admin/UsersAndRolesAdmin.aspx).

Server - 4.png

Check “Admin Require Identification” to stop anyone authenticated from making changes, and check “Services require identification” to stop anyone authorized from accessing the WCF-Services. If you do, you must add the account running the MDrivenServer WebApplication to the list since it must be able to use the WCF services to work.

Assign the role “SuperAdmin” to the app-pool user and the developers you want to control the executed model.

Assign the role “AppUser” to others.

This page was edited 94 days ago on 02/10/2024. What links here
Retrieved from "https://wiki.mdriven.net/index.php?title=Documentation:MDrivenServer_with_Windows_authentication&oldid=16358"

© MDRIVEN . All Rights Reserved

Glossary API Docs
MDriven World | Portal | Blog | YouTube | StackOverflow | Facebook

© MDRIVEN . All Rights Reserved