This article constitutes the documentation for configuring the MDrivenServer to use Windows authentication instead of password/username as with the default authentication.
MDrivenServer is a web application that has a UI and several WCF services. The authentication is different for web applications and WCF services but both needs are covered in this article.
The MDrivenServer is mostly used as a integrated part of a MDriven Turnkey installation – but it is equally correct to run clients straight towards MDrivenServer.
In IIS turn on Windows authentication:
If you do not have the line Windows Authentication you need to add the role to your IIS server.
Start MDrivenServer and navigate to <yoursite>/AccessFromServer.aspx
Press the Use Windows Auth – what this does is to make change web.config sections.
The Web.config has the attribute configSource and it “lifts in” other files doing the actual configuration.
The current such configuration parts all reside in the App_Data folder and are called:
WebServices_ActualWFC.config This is the actual configuration setting up WCF endpoints as being SSL aware or not.
WebServices_SecurityWCFActual.config This is the actual configuration for WCF bindings and how they should authenticate.
WebServices_SecurityWEBUIActual.config This is the actual configuration for the web applications authentication mode
All the config parts that has the name Actual in them has 2 alternatives:
WebServices_ActualWFC.config either has the content from Webservices_NoSSL.config or Webservices_WithSSL.config
WebServices_SecurityWCFActual.config has the content from WebServices_SecurityWCFForms.config or WebServices_SecurityWCFWindows.config
WebServices_SecurityWEBUIActual.config has the content from WebServices_SecurityWEBUIForms.config or WebServices_SecurityWEBUIWindows.config
The buttons “Use Forms Auth” and “Use Windows Auth” actually just copy the correct file to WebServices_SecurityWCFActual and WebServices_SecurityWEBUIActual.
The buttons “Use SSL setting” and “Use HttpOnly Setting” copy the correct file to WebServices_ActualWFC.
Once you have configured Windows Authentication you will see you domain name here:
To effectively use the services the caller must be authenticated and authorized.
The authorization is controlled by User Admin (<your site>/admin/UsersAndRolesAdmin.aspx).
You need to check that “Admin Require Identification” in order to stop anyone authenticated doing changes. You need to check “Services require identification” in order to stop anyone authenticated to access the WCF-Services. If you do – you must add the account running the MDrivenServer WebApplication to the list – since it must be able to use the WCF services in order to work.
Assign the role “SuperAdmin” to the app-pool user and the developers you want to control the executed model.
Assign the role “AppUser” to others.