Enforcing Active Directory authentication

If Integrated Windows authentication is enabled, update IIS and edit the web.config file.

  1. Make authentication changes to IIS.

    Note: Make all changes in IIS before you edit web.config. If web.config already contains a setting that IIS also tries to write, IIS reports an error stating that you cannot make changes in more than one place.

  2. Log in to IIS, and make sure that the following settings are in place:

    • CEUI (double-click Authentication). Disable everything, but make sure that Anonymous Authentication is enabled.

    • OpenWay (double-click Authentication). Disable everything, but make sure that Forms and Anonymous Authentication are enabled.

    • OpenWay > Security (double-click Authentication). Disable everything, but make sure that Forms and Anonymous Authentication are enabled.

    • OpenWay > Security > Content View > Login.aspx > Feature View (double-click Authentication). Disable everything, but make sure that Forms and Anonymous Authentication are enabled.

      Note: If you disable Windows Authentication and then try to enable Forms, and Forms is unavailable or reported as locked in any of the above views, edit web.config (C:\AMI\main\Bin\CEUI\OpenWay) directly. After the edit, it should look like this:

      <authentication mode="Forms">

      Then, check the IIS settings to ensure that Forms now shows as enabled, restart IIS, and try to access the OpenWay Collection Engine.

  3. Edit the web.config file (C:\AMI\main\Bin\CEUI\OpenWay) to replace the default information with the following:

    • Change the Directory Search settings to set the correct path and credentials for the Active Directory LDAP server that authenticates Active Directory or domain users.

      <add key="EnforceCustomerSelection" value="true" />

      <add key="DirectorySearchRootPath" value="GC://DC=ipv6lab,DC=com" />

      <add key="DirectorySearchUsername" value="IPV6LAB\ad-security-srvc" />

      <add key="DirectorySearchPassword" value="69Hxj9544" />

      </Options>

    • No changes are needed for web.config in this location: C:\AMI\main\Bin\CEUI\

  4. Check IIS Windows Login Settings, and do the following:

  5. Uncomment the Forms Authentication Wrapper.

  6. Ensure that Windows Authentication enabled is set to True.

    Note: For Active Directory authentication, a special Forms Authentication wrapper on the Login.aspx page tries the Windows integrated authentication login first, and then the Forms authentication login if the first attempt fails.

  7. Restart OpenWay Services and launch the OpenWay Collection Engine.

Before

<!-- Enable IIS Windows authentication for the login page.
     Uncomment the following block to enable Windows Authentication first.
     The formsAuthenticationWrapper will then try Forms Authentication if it failed. -->
<!--
<formsAuthenticationWrapper enabled="false" />
<system.webServer>
  <security>
    <authentication>
      <windowsAuthentication enabled="true" />
      <anonymousAuthentication enabled="false" />
    </authentication>
  </security>
</system.webServer>
-->
</location>

After

<formsAuthenticationWrapper enabled="false" />
<system.webServer>
  <security>
    <authentication>
      <windowsAuthentication enabled="true" />
      <anonymousAuthentication enabled="false" />
    </authentication>
  </security>
</system.webServer>
</location>
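
Added example, not part of the product documentation: a PowerShell check that reads web.config and reports whether the procedure above left it in the expected state, including whether the Windows authentication block is still inside a comment. The function name, the sample file's element nesting and its values are assumptions; the checks match on element names only and report that the Directory Search password is present without printing it.

```powershell
# CONSTRUCTED sample in the "Before" state; nesting and values are assumptions.
$sample = @'
<configuration>
  <Options>
    <add key="DirectorySearchRootPath" value="GC://DC=example,DC=test" />
    <add key="DirectorySearchUsername" value="EXAMPLE\svc-placeholder" />
    <add key="DirectorySearchPassword" value="placeholder" />
  </Options>
  <system.web><authentication mode="Forms" /></system.web>
  <location>
    <!-- <system.webServer><security><authentication>
         <windowsAuthentication enabled="true" />
         </authentication></security></system.webServer> -->
  </location>
</configuration>
'@

function Test-OpenWayAuthConfig {   # hypothetical helper name
    param([Parameter(Mandatory)][xml]$Config)
    # Assumes the file declares no default XML namespace (plain //name XPath).
    $r = [ordered]@{}
    # Step 2 note: the ASP.NET authentication mode must be Forms.
    $auth = $Config.SelectSingleNode('//authentication[@mode]')
    $r['FormsMode'] = ($null -ne $auth -and $auth.GetAttribute('mode') -eq 'Forms')
    # Step 3: each Directory Search key exists with a non-empty value.
    foreach ($k in 'DirectorySearchRootPath', 'DirectorySearchUsername', 'DirectorySearchPassword') {
        $n = $Config.SelectSingleNode("//add[@key='$k']")
        $r[$k] = ($null -ne $n -and $n.GetAttribute('value') -ne '')
    }
    # Steps 5-6: windowsAuthentication must be a live element set to true.
    $win = $Config.SelectSingleNode('//windowsAuthentication')
    $r['WindowsAuthEnabled'] = ($null -ne $win -and $win.GetAttribute('enabled') -eq 'true')
    # The block still sitting inside an XML comment means step 5 was skipped.
    $commented = $Config.SelectNodes('//comment()') |
        Where-Object { $_.Value -match '<windowsAuthentication\b' }
    $r['WrapperStillCommented'] = [bool]$commented
    [pscustomobject]$r
}

# On a server: [xml](Get-Content -Raw 'C:\AMI\main\Bin\CEUI\OpenWay\web.config')
Test-OpenWayAuthConfig -Config ([xml]$sample)
```

For the constructed sample, WindowsAuthEnabled is False and WrapperStillCommented is True, which is the "Before" state; after step 5 the two values swap.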
