Difference between revisions of "Setup Basic Auth for Interfaces"

From Agility
Jump to: navigation, search
(IIS BASIC authentication setup)
 
(12 intermediate revisions by the same user not shown)
Line 8: Line 8:
 
==IIS BASIC authentication setup==
 
==IIS BASIC authentication setup==
 
<ol>
 
<ol>
 +
 
<li>
 
<li>
Open IIS configuration console, navigate to Agility Services directory, and switch to content view.
+
Open IIS configuration console, navigate to Agility Services directory, and switch to content view. <div style="clear: both"></div>
[[File:agilityservices_basic_iis_01.png]]
+
[[File:agilityservices_basic_iis_01.png|1131px]]
 
</li>
 
</li>
 +
 +
 
<li>
 
<li>
Right click on GeneralImport.ashx and Select “Switch to Features View” from context menu.
+
Right click on GeneralImport.ashx and Select “Switch to Features View” from context menu. <div style="clear: both"></div>
[[File:agilityservices_basic_iis_02.png]]
+
[[File:agilityservices_basic_iis_02.png|1131]]
 
</li>
 
</li>
#Open Authentication options.
+
 
[[File:agilityservices_basic_iis_03.png]]
+
 
#Disable Anonymous Authentication and Enable Basic Authentication.
+
<li>
[[File:agilityservices_basic_iis_04.png]]
+
Open Authentication options for '''GeneralImport.ashx'''.<div style="clear: both"></div>
#Edit Basic Authentication options and input default domain (domain in which agility is working).
+
[[File:agilityservices_basic_iis_03.png|1015]]
#Edit '''web.config''' file (it is located in agility web application root directory).  At the end of locations add new one (marked below)
+
</li>
 +
 
 +
 
 +
<li>
 +
Disable Anonymous Authentication and Enable Basic Authentication.
 +
[[File:agilityservices_basic_iis_04.png|1131]]
 +
</li>
 +
 
 +
<li>
 +
To enforce Basic Authentication disable Windows Authentication also.
 +
</li>
 +
 
 +
<li>
 +
Edit Basic Authentication options and input default domain (domain in which agility is working).
 +
</li>
 +
 
 +
<li>
 +
Edit '''web.config''' file (it is located in agility web application root directory).  At the end of locations add new one (marked below)
 
<pre>
 
<pre>
 
 
Line 42: Line 62:
 
 
 
</pre>
 
</pre>
 +
In above example allowed user is '''DomainESBuser''' it means that such user must exists in domain. And this user credentials must be used by all agility web service clients. It is possible to define multiple users (coma separated list). It is possible to allow access to any user which is authenticated by domain (use * instead user name).
  
 +
</li>
 
</ol>
 
</ol>
 +
 +
==Setup Agility user for interfaces==
 +
There should be designated account in Agility which will handle all requests to agility web services. If there is no such user please create one (for example AgilityESBuser). Edit agility configuration xml file. Find GeneralImport element and set credentials of user designated for web services:
 +
 +
<pre>
 +
    <GeneralImport
 +
        ImportWebServiceEnabled="true"
 +
        DefaultUser="AgilityESBuser"
 +
        DefaultUserPass="[usesecurepassword]"
 +
        WebServiceLocation="https://hosturl/agilityapp/GeneralImport.ashx"
 +
    />
 +
</pre>
 +
 +
Warning! Changes in agility configuration xml file are reflected in system only after iis restart (or appropriate agility app pool).

Latest revision as of 09:26, 20 March 2017


Below configuration tutorial set BASIC authentication only for interfaces defined by import (web service import definitions). It will not set authentication for other services, for example it will NOT enable BASIC authentication in web services used to communicate with mobile devices.

In this scenario any configured (windows) user which pass IIS basic authentication will have access to web services exposed by Agility. In Agility single predefined agility user will handle all requests (regardless of user name authenticated by iis).


IIS BASIC authentication setup

  1. Open IIS configuration console, navigate to Agility Services directory, and switch to content view.

    Agilityservices basic iis 01.png


  2. Right click on GeneralImport.ashx and Select “Switch to Features View” from context menu.

    1131


  3. Open Authentication options for GeneralImport.ashx.

    1015


  4. Disable Anonymous Authentication and Enable Basic Authentication. 1131
  5. To enforce Basic Authentication disable Windows Authentication also.
  6. Edit Basic Authentication options and input default domain (domain in which agility is working).
  7. Edit web.config file (it is located in agility web application root directory). At the end of locations add new one (marked below) 
    …
  <location path="Services">
    <system.web>
      <authorization>
        <allow users="?" />
      </authorization>
    </system.web>
  </location>
  
  <location path="Services/GeneralImport.ashx">
    <system.web>
      <authorization>
        <allow users="DomainESBuser" />
      </authorization>
    </system.web>
  </location>
  
…

    In above example allowed user is DomainESBuser it means that such user must exists in domain. And this user credentials must be used by all agility web service clients. It is possible to define multiple users (coma separated list). It is possible to allow access to any user which is authenticated by domain (use * instead user name).

Setup Agility user for interfaces

There should be designated account in Agility which will handle all requests to agility web services. If there is no such user please create one (for example AgilityESBuser). Edit agility configuration xml file. Find GeneralImport element and set credentials of user designated for web services: 

    <GeneralImport
        ImportWebServiceEnabled="true"
        DefaultUser="AgilityESBuser"
        DefaultUserPass="[usesecurepassword]"
        WebServiceLocation="https://hosturl/agilityapp/GeneralImport.ashx"
    />

Warning! Changes in agility configuration xml file are reflected in system only after iis restart (or appropriate agility app pool).

Retrieved from "http://agilitywiki.northeurope.cloudapp.azure.com/agilitywiki/index.php?title=Setup_Basic_Auth_for_Interfaces&oldid=2532"