This section describes how to configure WebFOCUS Visual
Discovery Server AE for secure access.
x
Procedure: How to Configure Secure Access (HTTPS With Windows Authentication)
To
configure WebFOCUS Visual Discovery Server AE for secure access
(using HTTPS with Windows Authentication) on Windows Server 2008
or 2012 with IIS Version 7.0 or higher:
-
Configure
IIS to support HTTPS connections by performing the following steps:
-
In the Server Manager application, select the IIS Manager component
under the web server role.
-
Ensure that the list of bindings for your website includes *:443
(https), as shown in the following image.
-
If the HTTPS is not included, edit the bindings to add it,
once you have obtained a commercial SSL Server certificate (or created
a self-signed one).
For more information, see the Server Certificates feature
of your server in IIS Manager.
-
Edit the web.config file in
the WebFOCUS Visual Discovery Server AE installation directory by
performing the following steps:
Note: To
edit the web.config file, ensure that you have the required
administrative permissions to access and modify this file.
- Right click the web.config
file and select Properties from the drop-down
menu.
- In the Security tab,
click the Edit button to change permissions.
- Click on Users and
check Allow to all fields in the Permission for Users section, as
shown in the following image.
- Click OK.
-
Use Notepad (right-click and Run as administrator on
Windows Server 2008 or 2012 with User Account Control enabled) or
an XML editor to open the web.config file, which is located
in the following directory:
C:\Program Files\Information Builders\WebFOCUS Visual Discovery Server AE
Note: If the web.config file
is locked, check to see if it is in use by the Visual Discovery
process (w3wp), or the IIS process (W3SVC). Stop the appropriate
process to unlock the file.
-
In the system.serviceModel section, edit the bindings subsection
to comment out the webHttpBinding, basicHttpBinding, and customBinding subsections
for http Protocol Anonymous Access, and uncomment them for https
Protocol with Windows Authentication Access.
Perform this action by moving the --> sequence from
the end of the http Protocol Anonymous Access line, down 18 lines
to the end of the next </customBinding> line, and moving the
same sequence up 22 lines to the end of the https Protocol with
Windows Authentication Access line.
-
Save the changes to the web.config file and exit Notepad.
-
Configure
the ADV web application to enable Windows authentication by performing
the following steps:
-
Click on the ADV application (virtual directory) in the tree
view pane of IIS Manager.
-
In the Features View, double-click the Authentication icon
in the IIS section.
-
Disable Anonymous Authentication and enable Windows
Authentication.
-
Specify
the users and groups authorized to access the WebFOCUS Visual Discovery
Server AE web application by performing the following steps:
Windows Server 2008 R2 (IIS Version 7.5) or Windows Server 2012 (IIS Version 8)
-
Click Default Web Site in the IIS tree view.
-
Double-click the .NET Authorization Rules icon (under ASP.NET).
-
Add a Deny Rule to deny All Users access.
-
Select the ADV application in the tree view and double-click .NET
Authorization Rules.
-
Add an Allow Rule, specifying the individual accounts
or groups desired.
Note: This step edits the web.config file. Take
caution not to overwrite this change by resaving the file from Notepad.
Windows Server 2008 R1 (IIS Version 7.0)
-
Since the .NET Authorization Rules icons are not available
in this release, the web.config file must be edited manually. For example:
<system.web>
<authentication mode="Windows" />
<authorization>
<allow users="yourdomain\user1,yourdomain\user2" />
<deny users="*" />
</authorization>
-
The WebFOCUS Visual Discovery Server AE Project directory page
can then be accessed from any PC, logged on with an authorized user
account. Use any browser that supports Microsoft Silverlight. The
Project directory can also be accessed from the WebFOCUS Visual
Discovery AE application from the following URL:
https://server/adv
If
the client PC is not logged on to the server or server domain with
an authorized account, the PC user will be prompted to do so.
x
Procedure: How to Configure Secure Access (HTTPS With Windows Basic Authentication)
If
you prefer to use Windows Basic authentication, which transmits
passwords unencrypted, then use the HTTPS protocol.
Note:
- Install the Basic
authentication role service for IIS, before you enable this authentication
method.
- WebFOCUS Visual Discovery
AE App client does not support Basic authentication.
-
Add the
following lines to the <bindings> section of the web.config
file:
<!-- Use these bindings for https protocol with Basic (Windows) authentication access -->
<webHttpBinding>
<binding name="RestBinding">
<security mode="Transport">
<transport clientCredentialType="Basic" />
</security>
</binding>
</webHttpBinding>
<basicHttpBinding>
<binding name="BasicBinding">
<security mode="Transport">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
<customBinding>
<binding name="BinaryBinding">
<binaryMessageEncoding />
<httpsTransport authenticationScheme="Basic" />
</binding>
</customBinding>
-
Comment
out all other binding methods.
-
Save the web.config file.