This section describes how to configure WebFOCUS Visual
Discovery Server AE for secure access.
x
Procedure: How to Configure Secure Access (HTTPS With Windows Authentication)
To
configure WebFOCUS Visual Discovery Server AE for secure access
(using HTTPS with Windows Authentication) on Windows Server 2008
or 2012 with IIS Version 7.0 or higher:
-
Configure IIS to support HTTPS connections by
performing the following steps:
-
In the Server Manager application, select
the IIS Manager component under the web server role.
-
Ensure that the list of bindings for your website
includes *:443 (https), as shown in the following image.
-
If the HTTPS is not included, edit the bindings to
add it, once you have obtained a commercial SSL Server certificate
(or created a self-signed one).
For more information, see the Server Certificates feature
of your server in IIS Manager.
-
Edit
the web.config file in the WebFOCUS Visual Discovery Server AE installation
directory by performing the following steps:
-
Use Notepad (right-click and Run as administrator on
Windows Server 2008 or 2012 with User Account Control enabled) or
an XML editor to open the web.config file, which is located in the
following directory:
C:\Program Files\Information Builders\WebFOCUS Visual Discovery Server AE
-
In the system.serviceModel section, edit the
bindings subsection to comment out the webHttpBinding, basicHttpBinding, and customBinding subsections
for http Protocol Anonymous Access, and uncomment them for https
Protocol with Windows Authentication Access.
Perform this action by moving the --> sequence from
the end of the http Protocol Anonymous Access line, down 18 lines
to the end of the next </customBinding> line, and moving the
same sequence up 22 lines to the end of the https Protocol with
Windows Authentication Access line.
-
Save the changes to the web.config file and exit Notepad.
-
Configure the ADV web application to enable Windows authentication
by performing the following steps:
-
Click on the ADV application (virtual directory)
in the tree view pane of IIS Manager.
-
In the Features View, double-click the Authentication icon
in the IIS section.
-
Disable Anonymous Authentication and enable Windows
Authentication.
-
Specify the users and groups authorized to access the
WebFOCUS Visual Discovery Server AE web application by performing
the following steps:
Windows Server 2008 R2 (IIS Version 7.5) or Windows Server 2012 (IIS Version 8)
-
Click Default Web Site in the IIS
tree view.
-
Double-click the .NET Authorization Rules icon
(under ASP.NET).
-
Add a Deny Rule to deny All Users access.
-
Select the ADV application in the tree view and double-click .NET
Authorization Rules.
-
Add an Allow Rule, specifying the individual
accounts or groups desired.
Note: This step edits the web.config file. Take
caution not to overwrite this change by resaving the file from Notepad.
Windows Server 2008 R1 (IIS Version 7.0)
-
Since the .NET Authorization Rules icons
are not available in this release, the web.config file must be edited
manually. For example:
<system.web>
<authentication mode="Windows" />
<authorization>
<allow users="yourdomain\user1,yourdomain\user2" />
<deny users="*" />
</authorization>
-
The WebFOCUS Visual Discovery Server AE Project directory page
can then be accessed from any PC, logged on with an authorized user
account. Use any browser that supports Microsoft Silverlight. The
Project directory can also be accessed from the WebFOCUS Visual
Discovery AE application from the following URL:
https://server/adv
If
the client PC is not logged on to the server or server domain with
an authorized account, the PC user will be prompted to do so.
x
Procedure: How to Configure Secure Access (HTTPS With Windows Basic Authentication)
If
you prefer to use Windows Basic Authentication, which transmits
passwords unencrypted, then use the HTTPS protocol.
Note:
- Install the Basic Authentication role service for IIS, before
you enable this Authentication method.
- WebFOCUS Visual Discovery AE App client does not support Basic authentication.
-
Add the following lines to the <bindings>
section of the web.config file:
<!-- Use these bindings for https protocol with Basic (Windows) authentication access -->
<webHttpBinding>
<binding name="RestBinding">
<security mode="Transport">
<transport clientCredentialType="Basic" />
</security>
</binding>
</webHttpBinding>
<basicHttpBinding>
<binding name="BasicBinding">
<security mode="Transport">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
<customBinding>
<binding name="BinaryBinding">
<binaryMessageEncoding />
<httpsTransport authenticationScheme="Basic" />
</binding>
</customBinding>
-
Comment out all other binding methods.
-
Save the web.config file.