Setup Basic Auth for Interfaces

From Agility
Revision as of 15:56, 24 January 2017 by Sychu (Talk | contribs) (IIS BASIC authentication setup)

Jump to: navigation, search


Below configuration tutorial set BASIC authentication only for interfaces defined by import (web service import definitions). It will not set authentication for other services, for example it will NOT enable BASIC authentication in web services used to communicate with mobile devices.

In this scenario any configured (windows) user which pass IIS basic authentication will have access to web services exposed by Agility. In Agility single predefined agility user will handle all requests (regardless of user name authenticated by iis).


IIS BASIC authentication setup

  1. Open IIS configuration console, navigate to Agility Services directory, and switch to content view.

    Agilityservices basic iis 01.png


  2. Right click on GeneralImport.ashx and Select “Switch to Features View” from context menu.

    1131


  3. Open Authentication options.

    1015


  4. Disable Anonymous Authentication and Enable Basic Authentication. 1131


  5. Edit Basic Authentication options and input default domain (domain in which agility is working).
  6. Edit web.config file (it is located in agility web application root directory). At the end of locations add new one (marked below) 
    …
  <location path="Services">
    <system.web>
      <authorization>
        <allow users="?" />
      </authorization>
    </system.web>
  </location>
  
  <location path="Services/GeneralImport.ashx">
    <system.web>
      <authorization>
        <allow users="DomainESBuser" />
      </authorization>
    </system.web>
  </location>
  
…

    In above example allowed user is DomainESBuser it means that such user must exists in domain. And this user credentials must be used by all agility web service clients. It is possible to define multiple users (coma separated list). It is possible to allow access to any user which is authenticated by domain (use * instead user name).

Setup Agility user for interfaces

There should be designated account in Agility which will handle all requests to agility web services. If there is no such user please create one (for example AgilityESBuser). Edit agility configuration xml file. Find GeneralImport element and set credentials of user designated for web services: 

    <GeneralImport
        ImportWebServiceEnabled="true"
        DefaultUser="AgilityESBuser"
        DefaultUserPass="[usesecurepassword]"
      WebServiceLocation="https://hosturl/agilityapp/GeneralImport.ashx"
    />

Warning! Changes in agility configuration xml file are reflected in system only after iis restart (or appropriate agility app pool).

Retrieved from "http://agilitywiki.northeurope.cloudapp.azure.com/agilitywiki/index.php?title=Setup_Basic_Auth_for_Interfaces&oldid=2448"