Windows Authentication is a method of authentication used in Internet Information Services (IIS), Microsoft’s web server software. In the context of this article, its application is more specific than its usual general use with NTFS permissions to secure files.
There are Administration and Approval features that are available only to those users with appropriate permissions set in Triaster Server. The Administration and Approvals webpages have required an explicit log-on to access such features. In the most recent versions of Triaster Server, there is the option of using Windows Authentication: the user is identified from the web request, that user’s default e-mail address is looked up in Active Directory, and that address is used to identify the user as recorded in Triaster Server. If the user has the necessary permissions, the secured webpage is opened without a challenge for credentials.
These configurations apply to those who view and use Process Library websites through Internet Explorer.
1. Integrated Windows Authentication needs to be enabled
2. Automatic logon needs to be enabled
For installation, configuration and support purposes, the Triaster Services user (aka Publication user) should be recognised as a user with full permissions on secured functionality.
This needs to be done before switching to Windows Authentication (described below). Otherwise, this functionality will be inaccessible to the Triaster Services user.
In Internet Information Services (IIS), web applications associated with secured functionality have to be authenticated using Windows Authentication, with other authentication methods disabled. This is most easily achieved by running the Triaster Server postinstall executable with the appropriate arguments.
(Run ‘as administrator’.)
Triaster\TriasterServer2011\Services\TriasterServerPostInstall.exe /a:"windows"
When prompted, check the proposed configurations before proceeding.
To revert to challenge authentication, the executable would be run with this argument:
Triaster\TriasterServer2011\Services\TriasterServerPostInstall.exe /a:"forms"
If using a fully-qualified host name (perhaps using an alias), that host name needs to be excluded from the Windows loopback security check to allow access to these features when working directly on the server.
1. In the Registry, create a new Multi-String Value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\BackConnectionHostNames
2. Modify the Value, adding:
AliasOrHost.domain.com (and press ENTER.)
‘DisableLoopbackCheck. Lets do it the right way’
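The two registry steps above can be scripted so that existing entries in the multi-string value are preserved. This is an added example, not part of the original article or of Triaster's tooling; the function name Add-BackConnectionHostName is hypothetical, and the final check of the machine-wide DisableLoopbackCheck value goes beyond the steps listed above.

```powershell
# Added example. Run in an elevated PowerShell session on the server.
function Add-BackConnectionHostName {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$')]
        [string]$HostName   # e.g. AliasOrHost.domain.com (placeholder from the article)
    )

    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
    $name = 'BackConnectionHostNames'

    # Read the current entries; the value may not exist yet, so drop nulls.
    $current = @((Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name |
                 Where-Object { $_ })

    if ($current -contains $HostName) {          # -contains is case-insensitive
        Write-Verbose "$HostName is already excluded from the loopback check."
    }
    elseif ($PSCmdlet.ShouldProcess("$key\$name", "Add $HostName")) {
        # Append rather than overwrite, so other sites' host names survive.
        $updated = [string[]]($current + $HostName)
        New-ItemProperty -Path $key -Name $name -PropertyType MultiString `
                         -Value $updated -Force | Out-Null
    }

    # If the check is disabled machine-wide, the per-host list is not what
    # is granting access, and every host name is exempt.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
                            -Name DisableLoopbackCheck -ErrorAction SilentlyContinue
    if ($lsa -and $lsa.DisableLoopbackCheck -eq 1) {
        Write-Warning 'DisableLoopbackCheck is 1: the loopback check is off for all host names.'
    }

    # Return the resulting list so it can be reviewed.
    (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
}

# Preview the change first; remove -WhatIf to apply it.
Add-BackConnectionHostName -HostName 'AliasOrHost.domain.com' -WhatIf -Verbose
```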
This article has described how users can be authenticated automatically without a challenge for credentials when accessing secured features of Triaster Server.