+ Post New Thread
Results 1 to 15 of 15
Home Access Plus+ Thread, NTLM/Integrated authentication? in Projects:; Hi, I've been evaluating HAP to see how well it would work for us and it looks pretty neat I've ...
  1. #1

    Join Date
    May 2007
    Location
    Southampton
    Posts
    93
    Thank Post
    7
    Thanked 4 Times in 4 Posts
    Rep Power
    15

    NTLM/Integrated authentication?

    Hi,

    I've been evaluating HAP to see how well it would work for us and it looks pretty neat I've had a quick look but couldn't find any mention of being able to use IIS's Integrated Authentication. Is it possible to authenticate to HAP using that instead of the form somehow? The reason is that we're using a Microsoft TMG reverse proxy setup for access to various things on the network, and it would be nice to not need to log in more than once.

    Thanks

  2. #2
    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,520
    Thank Post
    37
    Thanked 501 Times in 432 Posts
    Rep Power
    113
    Previous Versions of HAP+ supported Basic Authentication (v6 and below) but v7 only supports using forms authentication. I am going to be looking at releasing another HAP.AD dll which will support Basic/NTLM auth in v8

  3. #3

    Join Date
    May 2007
    Location
    Southampton
    Posts
    93
    Thank Post
    7
    Thanked 4 Times in 4 Posts
    Rep Power
    15
    Awesome, thanks!

  4. #4
    TheScarfedOne's Avatar
    Join Date
    Apr 2007
    Location
    Plymouth, Devon
    Posts
    1,288
    Thank Post
    605
    Thanked 160 Times in 145 Posts
    Blog Entries
    78
    Rep Power
    83
    Quote Originally Posted by nickbro View Post
    Previous Versions of HAP+ supported Basic Authentication (v6 and below) but v7 only supports using forms authentication. I am going to be looking at releasing another HAP.AD dll which will support Basic/NTLM auth in v8
    +1 as a feature request for that for me too!

  5. #5
    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,520
    Thank Post
    37
    Thanked 501 Times in 432 Posts
    Rep Power
    113
    Right, I think I've managed to get something in HAP+ now so it will support Basic Authentication again, needs to be basic for impersonation to work, if you are not using the my files sections you can use NTLM.

    How does this sound?

    This setting will be enabled by tweaking the web.config file and adding an extra line to hapConfig.xml.

    This setting will not be configurable via the config page!

    Set the AuthMode="Windows" of the AD attribute in the hapConfig.xml file will tell HAP+ to switch it's internals for Windows Authentication instead of Forms.

    I'll hopefully get a test setup for this tomorrow to see if it works at all, and see what web.config exceptions I'll need to add in to make it work.

  6. #6

    Join Date
    Nov 2010
    Location
    Liverpool, UK
    Posts
    178
    Thank Post
    10
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I've changed AuthMode="Forms" to AuthMode="Windows" in web.config.xml, but I get "Access is Denied".

    What do I have to add into hap.config.xml?

  7. #7
    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,520
    Thank Post
    37
    Thanked 501 Times in 432 Posts
    Rep Power
    113
    @CHiLL, this isn't released yet, it's a v7.8 task, I've got a lot of web.config changes to make to get this working

  8. #8

    Join Date
    Nov 2010
    Location
    Liverpool, UK
    Posts
    178
    Thank Post
    10
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Ok.

  9. #9

    Join Date
    May 2007
    Location
    Southampton
    Posts
    93
    Thank Post
    7
    Thanked 4 Times in 4 Posts
    Rep Power
    15
    It's a shame about the My Files not working because that's one of the best features, but I think TMG supports basic authentication so it might not be an issue for us. Only one way to find out Thanks for your work on this!

  10. #10
    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,520
    Thank Post
    37
    Thanked 501 Times in 432 Posts
    Rep Power
    113
    Good news everybody! NTLM & Basic Authentication Models will be supported in v7.7 due for release during the weekend

    Note: NTLM does not support Impersonation correctly, and wont give correct information for the My Files section.

    The settings are just as detailed above, I've managed to get it working without editing the web.config file (except via IIS).

    Steps to enable Windows Authentication:

    1. Remote onto your Server
    2. Load IIS Manager
    3. Select the Application
    4. Under Authentication, disable Forms Authentication and enable Windows/Basic (For Basic also put the default domain/default realm info in), leave anonymous auth on though
    5. Open ~/app_data/hapConfig.xml in notepad
    6. Add AuthMode="Windows" to the <AD> node

    If you are using IIS6, you will need to edit the web.config file:

    Replace mode="Forms" with mode="Windows" on line 24:
    HTML Code:
     <authentication mode="Forms">
       <forms loginUrl="~/login.aspx" defaultUrl="~/" />
      </authentication>
    to
    HTML Code:
     <authentication mode="Windows">
       <forms loginUrl="~/login.aspx" defaultUrl="~/" />
      </authentication>
    Last edited by nickbro; 24th November 2011 at 09:40 PM.

  11. #11
    TheScarfedOne's Avatar
    Join Date
    Apr 2007
    Location
    Plymouth, Devon
    Posts
    1,288
    Thank Post
    605
    Thanked 160 Times in 145 Posts
    Blog Entries
    78
    Rep Power
    83
    Great news Nick. This is what I like to see. Any idea why the DLLs do not like reading my AD structure? Will the change in auth methods here maybe make a difference? Im able to do some testing for you if you need. Running 7.x side by side with the original 6.5 version....

  12. #12
    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,520
    Thank Post
    37
    Thanked 501 Times in 432 Posts
    Rep Power
    113
    Nope none, only thing I can suggest is trying one of the latest DLL's that I've posted here: Basic Help Needed! and checking the HAP+ Event Viewer Log file

  13. #13

    Join Date
    Nov 2010
    Location
    Liverpool, UK
    Posts
    178
    Thank Post
    10
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Code:
    <AD>
        <OUs>
        </OUs>
        <AuthMode="Windows" />
      </AD>
    Is it supposed to look like that in hapconfig.xml?

    And then in Authentication in IIS, it should appear as:

    Code:
    Anonymous: Enabled
    ASP.NET Impersonation: Disabled
    Basic Authentication: Disabled
    Digest Authentication: Disabled
    Forms Authentication: Disabled
    Windows Authentication: Enabled
    And that should allow a user to be automatically logged in, without having to enter credentials, providing they're logged onto a computer with valid AD credentials?

    That setup isn't working for me.

  14. #14
    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,520
    Thank Post
    37
    Thanked 501 Times in 432 Posts
    Rep Power
    113
    Quote Originally Posted by nickbro View Post
    Steps to enable Windows Authentication:

    1. Remote onto your Server
    2. Load IIS Manager
    3. Select the Application
    4. Under Authentication, disable Forms Authentication and enable Windows/Basic (For Basic also put the default domain/default realm info in), leave anonymous auth on though
    5. Open ~/app_data/hapConfig.xml in notepad
    6. Add AuthMode="Windows" to the <AD> node
    This should now read:

    HTML Code:
    ...  
    <AD username="administrator" password="" upn="" studentsgroup="" AuthMode="Windows">
    ...

  15. Thanks to nickbro from:

    CHiLL (5th December 2011)

  16. #15

    Join Date
    Nov 2010
    Location
    Liverpool, UK
    Posts
    178
    Thank Post
    10
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Right, I saw that, but didn't know exactly where to put it in that node.

    That's working now, thanks.

    I'm now downplaying this booking system for now, as it doesn't need to be implemented live until August 2012 for the next academic year.
    Last edited by CHiLL; 5th December 2011 at 11:19 AM.

SHARE:
+ Post New Thread

Similar Threads

  1. Moodle / HAP+ integrated authentication?
    By jdmackay in forum Web Development
    Replies: 2
    Last Post: 3rd November 2011, 11:33 AM
  2. Integrated Authentication and room booking
    By Disaster in forum Wireless Networks
    Replies: 1
    Last Post: 8th June 2011, 06:57 PM
  3. Exchange Server 2003 OWA Integrated Authentication
    By skenmy in forum Windows Server 2000/2003
    Replies: 2
    Last Post: 23rd September 2009, 12:36 AM
  4. Kaliedos - Windows Integrated Authentication
    By steele_uk in forum Virtual Learning Platforms
    Replies: 3
    Last Post: 25th July 2008, 11:49 AM
  5. Replies: 6
    Last Post: 27th February 2007, 08:00 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •