Home » Support » Telligent Analytics » Installation & Configuration » Windows Authentication

Windows Authentication

Open Support Ticket

Call Support:
Direct: (214) 420-1337
Toll Free: (877) 522-6334

Monday through Friday
8 a.m. to 6 p.m. Central (GMT-6)

Join our Community
Details
  • 4 Replies
  • 2 Subscribers
  • Postedover 3 years ago
Options

Windows Authentication

This question is answered
DF
Posted by
on Mon, Nov 23 2009 12:13 PM

Thank you for your help earlier for the Shared Membership issue. I need some more help with Windows Authentication.

I've set up Windows Authentication in Analytics to authenticate users. Although user can be authenticated successfully to Analytics dashboard, there is an issue with accessing the Analytics control panel (settings) using the same user credential, which is also a member of Windows Administrators group. When an authenticated user of the Administrators group clicks on the Settings link from the Analytics dashboard page, it displays a login screen. After I type in the correct user credentials, the login fails.

Thank you again for your help!

Analytics telligent analytics
Verified Answer
  • DF
    Posted by
    on Tue, Nov 24 2009 6:19 PM
    Verified Answer
    Verified by

    After debugging the http traffic and trying many different combinations of IIS, IE, and Web.config settings for Analytics, here are the combinations that will get the Windows Authentication to work properly. The issue was that the Settings link (for the admin page) in the dashboard opens a login message box by default. This did not work well with pure Windows Authentication.

    Here is the source code of the Settings link:

    <span id="ctl00_DashboardSettingsLinkLabel" class="noprint"><a id="ctl00_SettingsLink" onclick="openModal('LoginModal')" href="BLOCKED SCRIPTvoid(0)">Settings</a></span>

    Here are the working combinations:

    Web.config: (1) Set both UseSharedMembership and Windows Authentication = "true". SharedMembership is needed to handle the re-authentication by the Settings login message box. (2) Set the authentication mode = "Forms". This is a bit unconventional, but it is necessary to handle the Settings login message box triggered by clicking the Settings link to access the admin page. (3) Set roleManager enabled = "true". This is also related to the re-authentication by the Settings login message box.

       <add key="UseSharedMembership" value="true" />

       <add key="UseWindowsAuthentication" value="true" />

       <authentication mode="Forms">

         <forms name=".TERAUTH" loginUrl="Login.aspx" protection="All" timeout="300">

           <!-- <credentials passwordFormat="Clear">

             <user name="admin" password="admin" />

           </credentials> -->

         </forms>

       </authentication>

       <roleManager enabled="true" defaultProvider="SqlRoleProvider">

         <providers>

           <clear/>

           <add name="SqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="aspnet_membership"

    applicationName="dev"/>

         </providers>

       </roleManager>

    IIS 7.0: Enable Anonymous Authentication, Forms Authentication (this is also to accommodate the Settings login message box), and Windows Authentication.

    IE: no special security setting is needed.

    Can anyone verify it? Thank you very much!
All Replies
  • Andrew Hemmings
    Posted by
    on Mon, Nov 23 2009 12:32 PM

    Hi Dorine,

    I'm guessing there is some remnant of forms based authentication still in place. Have a look in the Web.config file located in the /admin/ folder. Is there a line specifying that only the "admin" user can enter?

    With Windows Authentication in use, you will want it to look something like this.

    <?xml version="1.0"?>

    <configuration>

     <system.web>

       <authorization>

    <deny users="?" />

    </authorization>

     </system.web>

    </configuration>
  • DF
    Posted by
    on Mon, Nov 23 2009 3:35 PM

    Thank you for your help Andrew. I just realized that the issue is more than just the Admin page. I discovered that the anonymous authentication was enabled in IIS for the Analytics application. When I disabled it with only Windows Authentication enabled. The Windows users failed to get authenticated even to the dashboard page (I guess for my earlier test the Windows user was just authenticated as an anonymous user).

    We are using Windows Server 2008 and IIS 7.0. I confirmed that Windows Authentication is installed and enabled, and the Web.config file in the Web folder has Windows as the authentication mode. In the Web.config file there is an attribute for <emaildomain>. Because I'm sing a dev environment on a virtual machine, the email domain is not set up. Is it necessary to set up the email domain to get the Windows Authentication to work?

    Thank you again.
  • DF
    Posted by
    on Tue, Nov 24 2009 6:19 PM
    Verified Answer
    Verified by

    After debugging the http traffic and trying many different combinations of IIS, IE, and Web.config settings for Analytics, here are the combinations that will get the Windows Authentication to work properly. The issue was that the Settings link (for the admin page) in the dashboard opens a login message box by default. This did not work well with pure Windows Authentication.

    Here is the source code of the Settings link:

    <span id="ctl00_DashboardSettingsLinkLabel" class="noprint"><a id="ctl00_SettingsLink" onclick="openModal('LoginModal')" href="BLOCKED SCRIPTvoid(0)">Settings</a></span>

    Here are the working combinations:

    Web.config: (1) Set both UseSharedMembership and Windows Authentication = "true". SharedMembership is needed to handle the re-authentication by the Settings login message box. (2) Set the authentication mode = "Forms". This is a bit unconventional, but it is necessary to handle the Settings login message box triggered by clicking the Settings link to access the admin page. (3) Set roleManager enabled = "true". This is also related to the re-authentication by the Settings login message box.

       <add key="UseSharedMembership" value="true" />

       <add key="UseWindowsAuthentication" value="true" />

       <authentication mode="Forms">

         <forms name=".TERAUTH" loginUrl="Login.aspx" protection="All" timeout="300">

           <!-- <credentials passwordFormat="Clear">

             <user name="admin" password="admin" />

           </credentials> -->

         </forms>

       </authentication>

       <roleManager enabled="true" defaultProvider="SqlRoleProvider">

         <providers>

           <clear/>

           <add name="SqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="aspnet_membership"

    applicationName="dev"/>

         </providers>

       </roleManager>

    IIS 7.0: Enable Anonymous Authentication, Forms Authentication (this is also to accommodate the Settings login message box), and Windows Authentication.

    IE: no special security setting is needed.

    Can anyone verify it? Thank you very much!
  • Andrew Hemmings
    Posted by
    on Tue, Dec 1 2009 4:37 PM

    Hi Dorine,

    I'm happy you got your membership issue sorted out.

    The UseSharedMembership and UseWindowsAuthentication settings are meant to be used independently of one another. I don't think all these changes should be necessary, but if it's now working in your environment, I would say leave it alone. :)

    Andrew