MDrivenServer with Windows authentication

This article constitutes the documentation for configuring the MDrivenServer to use Windows authentication instead of password/username as with the default authentication.

MDrivenServer is a web application that has a UI and several WCF services. The authentication is different for web applications and WCF services but both needs are covered in this article.

The MDrivenServer is mostly used as a integrated part of a MDriven Turnkey installation – but it is equally correct to  run clients straight towards MDrivenServer.

In IIS turn on Windows authentication:

image 

If you do not have the line Windows Authentication you need to add the role to your IIS server.

Start MDrivenServer and navigate to <yoursite>/AccessFromServer.aspx

image

Press the Use Windows Auth – what this does is to make change web.config sections.

The Web.config has the attribute configSource  and it “lifts in” other files doing the actual configuration.

The current such configuration parts all reside in the App_Data folder and are called:

WebServices_ActualWFC.config This is the actual configuration setting up WCF endpoints as being SSL aware or not.

WebServices_SecurityWCFActual.config This is the actual configuration for WCF bindings and how they should authenticate.

WebServices_SecurityWEBUIActual.config This is the actual configuration for the web applications authentication mode

 

All the config parts that has the name Actual in them has 2 alternatives:

WebServices_ActualWFC.config either has the content from Webservices_NoSSL.config or Webservices_WithSSL.config

WebServices_SecurityWCFActual.config  has the content from WebServices_SecurityWCFForms.config or WebServices_SecurityWCFWindows.config

WebServices_SecurityWEBUIActual.config has the content from WebServices_SecurityWEBUIForms.config or WebServices_SecurityWEBUIWindows.config

 

The buttons “Use Forms Auth” and “Use Windows Auth” actually just copy the correct file to WebServices_SecurityWCFActual and WebServices_SecurityWEBUIActual.

The buttons “Use SSL setting” and “Use HttpOnly Setting” copy the correct file to WebServices_ActualWFC.

 

Once you have configured Windows Authentication you will see you domain name here:

image

To effectively use the services the caller must be authenticated and authorized.

The authorization is controlled by User Admin (<your site>/admin/UsersAndRolesAdmin.aspx).

image

You need to check that “Admin Require Identification” in order to stop anyone authenticated doing changes. You need to check “Services require identification” in order to stop anyone authenticated to access the WCF-Services. If you do – you must add the account running the MDrivenServer WebApplication to the list – since it must be able to use the WCF services in order to work.

Assign the role “SuperAdmin” to the app-pool user and the developers you want to control the executed model.

Assign the role “AppUser” to others.

This entry was posted in MDrivenServer and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

*