Integrated security (windows)

Release 1.02 - ...

If you want to use Integrated security (automatic logon with domain account) please change the following settings:

IIS 6.0
- Uncheck "Enable anonymous access" within the Directory Security tab of the site settings, unless you have mixed (secure and unsecure) content .
- Check "Integrated Windows Authentication" within the Directory Security tab of the site settings.

(If you want the CMS to run using Integrated security you have to uncheck the same option again within the virtual directory "CMS")

IIS 7.*

- Enable Windows Authentication within the Authentication properties of your site.
- Enable Anonymous Authentication as well if you have mixed (secure and unsecure) content.

(If you want the CMS to run using Integrated security you have to enable the Windows Authentication option again within the virtual directory "CMS")

Web.config
- Publication: Change the authentication mode from "Forms" to "Windows" and save the file (<authentication mode="Windows"/>).
- CMS: If you also want the CMS to run integrated security you also have to change the authentication mode within the <location path="cms"> <system.web> to <authentication mode="Windows" />.
Furthermore make sure the httpModule <add name="WindowsAuthentication" type="System.Web.Security.WindowsAuthenticationModule"/> is called again after the clear of the httpModules.

Example snippet of web.config for the CMS server using Integrated Security;

XML	Copy Code
<location path="cms"> <system.web> <globalization requestEncoding="iso-8859-1" /> <authentication mode="Windows" /> <authorization> <allow users=""/> <!-- allow access for all users, the manager uses its own implementation for authenticating users --> </authorization> <httpModules> <clear/> <!-- clear the inherited httpModules --> <add name="WindowsAuthentication" type="System.Web.Security.WindowsAuthenticationModule"/> <add name="Session" type="System.Web.SessionState.SessionStateModule" /> </httpModules> <httpHandlers> <clear /> <!--clear the inherited httpHandlers--> <add verb="" path="/cms/webservice.dws" type="Smartsite.Interop.IIS.WebserviceHandler,Smartsite.Interop" /> <add verb="" path="/cms/.dws" type="Smartsite.Interop.IIS.Handler,Smartsite.Interop" /> </httpHandlers> </system.web> </location>

XML

Copy Code

<location path="cms">
    <system.web>
        <globalization requestEncoding="iso-8859-1" />
        <authentication mode="Windows" />
        <authorization>
            <allow users="*"/>
            <!-- allow access for all users, the manager uses its own implementation for authenticating users -->
        </authorization>
        <httpModules>
            <clear/>
                  <!-- clear the inherited httpModules -->
            <add name="WindowsAuthentication" type="System.Web.Security.WindowsAuthenticationModule"/>
            <add name="Session" type="System.Web.SessionState.SessionStateModule" />
        </httpModules> 
        <httpHandlers>  
            <clear />
            <!--clear the inherited httpHandlers-->
            <add verb="*" path="/cms/webservice.dws" type="Smartsite.Interop.IIS.WebserviceHandler,Smartsite.Interop" />
            <add verb="*" path="/cms/*.dws" type="Smartsite.Interop.IIS.Handler,Smartsite.Interop" />
        </httpHandlers>
    </system.web>
 </location>

- Restart the site.

Install & Config