Configuring Secure Access for WebFOCUS Visual Discovery Server AE

How to:

This section describes how to configure WebFOCUS Visual Discovery Server AE for secure access.


Top of page

x
Procedure: How to Configure Secure Access (HTTPS With Windows Authentication)

To configure WebFOCUS Visual Discovery Server AE for secure access (using HTTPS with Windows Authentication) on Windows Server 2008 or 2012 with IIS Version 7.0 or higher:

  1. Configure IIS to support HTTPS connections by performing the following steps:
    1. In the Server Manager application, select the IIS Manager component under the web server role.
    2. Ensure that the list of bindings for your website includes *:443 (https), as shown in the following image.

    3. If the HTTPS is not included, edit the bindings to add it, once you have obtained a commercial SSL Server certificate (or created a self-signed one).

      For more information, see the Server Certificates feature of your server in IIS Manager.

  2. Edit the web.config file in the WebFOCUS Visual Discovery Server AE installation directory by performing the following steps:

    Note: To edit the web.config file, ensure that you have the required administrative permissions to access and modify this file.

    1. Right click the web.config file and select Properties from the drop-down menu.
    2. In the Security tab, click the Edit button to change permissions.
    3. Click on Users and check Allow to all fields in the Permission for Users section, as shown in the following image.

    4. Click OK.
    1. Use Notepad (right-click and Run as administrator on Windows Server 2008 or 2012 with User Account Control enabled) or an XML editor to open the web.config file, which is located in the following directory:
      C:\Program Files\Information Builders\WebFOCUS Visual Discovery Server AE

      Note: If the web.config file is locked, check to see if it is in use by the Visual Discovery process (w3wp), or the IIS process (W3SVC). Stop the appropriate process to unlock the file.

    2. In the system.serviceModel section, edit the bindings subsection to comment out the webHttpBinding, basicHttpBinding, and customBinding subsections for http Protocol Anonymous Access, and uncomment them for https Protocol with Windows Authentication Access.

      Perform this action by moving the --> sequence from the end of the http Protocol Anonymous Access line, down 18 lines to the end of the next </customBinding> line, and moving the same sequence up 22 lines to the end of the https Protocol with Windows Authentication Access line.

    3. Save the changes to the web.config file and exit Notepad.
  3. Configure the ADV web application to enable Windows authentication by performing the following steps:
    1. Click on the ADV application (virtual directory) in the tree view pane of IIS Manager.
    2. In the Features View, double-click the Authentication icon in the IIS section.
    3. Disable Anonymous Authentication and enable Windows Authentication.
  4. Specify the users and groups authorized to access the WebFOCUS Visual Discovery Server AE web application by performing the following steps:

    Windows Server 2008 R2 (IIS Version 7.5) or Windows Server 2012 (IIS Version 8)

    1. Click Default Web Site in the IIS tree view.
    2. Double-click the .NET Authorization Rules icon (under ASP.NET).
    3. Add a Deny Rule to deny All Users access.
    4. Select the ADV application in the tree view and double-click .NET Authorization Rules.
    5. Add an Allow Rule, specifying the individual accounts or groups desired.

      Note: This step edits the web.config file. Take caution not to overwrite this change by resaving the file from Notepad.

    Windows Server 2008 R1 (IIS Version 7.0)

    1. Since the .NET Authorization Rules icons are not available in this release, the web.config file must be edited manually. For example:
      <system.web>
        <authentication mode="Windows" />
        <authorization>
           <allow users="yourdomain\user1,yourdomain\user2" />
           <deny users="*" />
        </authorization>
    2. The WebFOCUS Visual Discovery Server AE Project directory page can then be accessed from any PC, logged on with an authorized user account. Use any browser that supports Microsoft Silverlight. The Project directory can also be accessed from the WebFOCUS Visual Discovery AE application from the following URL:
      https://server/adv

      If the client PC is not logged on to the server or server domain with an authorized account, the PC user will be prompted to do so.


Top of page

x
Procedure: How to Configure Secure Access (HTTPS With Windows Basic Authentication)

If you prefer to use Windows Basic authentication, which transmits passwords unencrypted, then use the HTTPS protocol.

Note:

  1. Add the following lines to the <bindings> section of the web.config file:
    <!-- Use these bindings for https protocol with Basic (Windows) authentication access -->
          <webHttpBinding>
            <binding name="RestBinding">
              <security mode="Transport">
                <transport clientCredentialType="Basic" />
              </security>
            </binding>
          </webHttpBinding>
          <basicHttpBinding>
            <binding name="BasicBinding">
              <security mode="Transport">
                <transport clientCredentialType="Basic" />
              </security>
            </binding>
          </basicHttpBinding>
          <customBinding>
            <binding name="BinaryBinding">
              <binaryMessageEncoding />
              <httpsTransport authenticationScheme="Basic" />
            </binding>
          </customBinding>
  2. Comment out all other binding methods.
  3. Save the web.config file.

WebFOCUS