OTP Server Integration module
Nordic Edge AD Membership Provider for Microsoft ASP.NET
Version 1.0, rev. 6
Nordic Edge 2009-02-25
Summary: Installation guide for a Custom IIS web site
www.nordicedge.se
Copyright Nordic Edge, 2009

Content
1 OVERVIEW ... 4
1.1 INTEGRATION OVERVIEW ... 4
2 INSTALLATION ... 5
2.1 MINIMUM REQUIREMENTS ... 5
3 INSTALLING THE INTEGRATION MODULE ... 6
3.1 COPY FILES TO THE CUSTOM WEB SITE ... 6
3.2 REGISTER DLL FILES INTO THE GLOBAL ASSEMBLY CACHE ... 8
4 CONFIGURATION - CUSTOM IIS SITE ... 9
4.1 CONFIGURE INTERNET INFORMATION SERVICES (IIS) WEB SITE ... 9
5 RESTART THE WEB SERVER ... 13
5.1 RESTARTING IIS ... 13
6 TESTING THE WEB APPLICATION ... 14
6.1 RUNNING THE CUSTOM WEB SITE WITH NE MEMBERSHIP PROVIDER ... 14
6.2 CUSTOMIZING THE LOGIN PAGE ... 15
7 APPENDIX A ... 16
7.1 TROUBLESHOOTING ... 16

Page 2 of 16
About Nordic Edge
Nordic Edge is a leading provider of trusted Identity and Access Management (IAM) solutions that enable organisations to secure and manage their digital identities. With Nordic Edge's solutions, organisations can improve business processes and meet regulatory compliance requirements. The offering includes two-factor authentication, role based delegated user administration, synchronization and provisioning. More than 10 million identities are administered by Nordic Edge's solutions and over 1 million users securely log in with Nordic Edge's products each month. Nordic Edge was founded in 2001 in Sweden and has customers in more than 25 countries.
1 Overview
Nordic Edge One-Time Password Server adds an extra security layer to protect your applications. When the user id and password have been successfully verified, a One-Time Password is sent to the user's mailbox or mobile phone through SMS (Short Message Service). This One-Time Password is then verified, and only then is the user authenticated to the application.

1.1 Integration overview
ASP.NET lets you create a custom membership provider, which you can use to link the membership system to your own authentication data source. Once you have a custom membership provider, you configure your application to use that provider in the same way that you would configure it to use an ASP.NET provider. The Membership class automatically invokes your custom provider to communicate with your authentication data source.

1.1.1 Nordic Edge ASP.NET Membership Provider Components
A custom aspx page is required to use the Nordic Edge Membership Provider. The page is called CustomLogin.aspx and is accessed and handled by the Nordic Edge ASP.NET Membership Provider. The provider itself consists of three DLL files that reside on the server. The Nordic Edge Membership Provider includes a Role Provider that supports Microsoft Active Directory.

This is what you have to do:
1. Copy files to the web site
2. Register DLL files into the Global Assembly Cache
3. Configure Nordic Edge Membership Provider in the web.config files
4. Restart IIS
2 Installation
2.1 Minimum Requirements
This section describes the requirements for installing the Nordic Edge ASP.NET Membership Provider.

2.1.1 Windows Server
Windows 2003 Server or later

2.1.2 OTP Server
OTP Server 1.6 (Build 2471) or higher. The OTP Server must be configured before the integration module can be used. See the OTP Server Administration Manual for more information on how to configure this.
3 Installing the integration module
This chapter describes what is needed for the installation. These are the steps you have to go through:
1. Copy files to the web site
2. Register DLL files into the Global Assembly Cache
3. Configure Nordic Edge Membership Provider in the web.config file
4. Restart IIS

3.1 Copy files to the Custom Web site
Copy the contents of the MySite folder into your Web site under \Inetpub\wwwroot.

Basic installation files for a Custom web site:

Folder                                 Files
Site root                              CustomLogin.aspx, NE_web.config
\bin                                   NordicEdgeADMembershipProvider.dll, NordicEdgeOTP.dll, NordicEdgeOTPASPplugin.dll
\images                                A couple of image files
\protected_pages (for test purposes)   SecretPage.aspx, Web.config
Figure: Custom site file structure
3.2 Register DLL files into the Global Assembly Cache
The DLL files are signed with Strong Names. You have to add these files to the GAC.

Register the DLL files below in the GAC (.NET Global Assembly Cache):
- NordicEdgeOTP.dll
- NordicEdgeADMembershipProvider.dll
- NordicEdgeOTPASPplugin.dll

You can do this with Explorer by dragging and dropping the DLL files into the Assembly folder at %windir%\assembly.

Figure: The GAC assembly

OR

Use gacutil.exe (resides in C:\Program Files\Microsoft SDKs\Windows\v6.0A\bin), for example:

gacutil -i NordicEdgeOTP.dll

Figure: Gacutil.exe
4 Configuration - Custom IIS site
4.1 Configure Internet Information Services (IIS) Web site
NOTE: When you're done with this chapter, go to the chapter Restart the web server.

This section describes how to configure a Web Site that uses the Nordic Edge ASP.NET Membership Provider. It also provides information about the configuration options for NordicEdgeOTPASPplugin.

The membership API is based on forms authentication and gives you an out-of-the-box infrastructure for managing and authenticating users. Therefore, as the first step, you have to configure your application for forms authentication as usual. But you will structure the solution a little differently this time. The root directory of the web application grants access to anonymous users, while restricted resources are stored in subdirectories with restricted access. These subdirectories have their own web.config file that denies access to anonymous users. As soon as someone tries to access resources stored in such a secured directory, the ASP.NET runtime automatically redirects the user to the login page. You can see the structure of the web application in the figure below.

Figure: protected_pages

4.1.1 Web.config in protected_pages
This configuration denies any anonymous user access to the website's secured subfolder. If someone who is not authenticated tries to access resources placed in this directory, the ASP.NET runtime automatically redirects the user to the publicly available login page (CustomLogin.aspx).

<configuration>
  <appSettings/>
  <connectionStrings/>
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
4.1.2 Edit the <root> Web.config
You have to configure the web.config file before you can use the Nordic Edge ASP.NET Membership Provider. In the first step you must configure the forms authentication mode. After you have configured the authentication mode you have to configure the membership provider for the application by adding the <membership> section to your web.config file. If your application doesn't have a web.config, just rename NE_web.config to web.config.

!!! Before you make any changes: Make a copy of the current web.config file !!!

The tables below list the variables and settings for the Membership and Role Provider. The Action column means:
Keep: Keep the given value
Modify: Modify to fit your environment
Keep/modify: The value may be edited, though the default value is recommended.

Membership Provider
Action       Variable                   Value                                  Note
Keep         applicationName            "/"                                    Default value
Modify       connectionStringName       "127.0.0.1:3100"                       Your OTP Server:Port
Keep/modify  name                       "neprovider"                           If you change this name, you also have to change defaultProvider="new name"
Keep         type                       "NordicEdge.Web.Provider.ADMember..."
Modify       ldapsearchbase             "cn=users,dc=ad..."                    LDAP users context
Keep         ldapemailattribute         "mail"
Keep         ldapusernameattribute      "samaccountname"                       To be modified if you use userprincipalname as user name attribute. The OTP Server must search for userprincipalname in this case.
Keep/modify  ldapdisplaynameattribute   "displayname"
Keep/modify  ldapsearchscope            "SUB"                                  BASE, ONE or SUB
Keep/modify  ldapproxyusername          ""                                     Built-in privileges are used by default. If you want your own proxy user, insert values for a user account with appropriate privileges.
Keep/modify  ldapproxypassword          ""                                     See above

Role Provider
Action       Variable                   Value                                  Note
Keep/modify  cacheRolesInCookie         "true"                                 If you don't want roles to be cached in the cookie, set the value to false
Keep/modify  cookieName                 "ASPXROLES"
Keep/modify  cookiePath                 "/"
Keep/modify  cookieTimeout              "30"                                   Minutes
Keep/modify  cookieRequireSSL           "false"
Keep/modify  cookieSlidingExpiration    "true"
Keep/modify  createPersistentCookie     "false"
Keep/modify  cookieProtection           "All"
Keep/modify  name                       "neroleprovider"                       If you change this name, you also have to change defaultProvider="new name"
Keep         applicationName            "/"                                    Default value
Keep         type                       "NordicEdge.Web.Provider.ADRole..."
Modify       ldaprolesearchbase         "ou=groups,dc=ad..."                   LDAP groups context
Keep/modify  ldaprolesearchscope        "ONE"                                  BASE, ONE or SUB
Modify       ldapusersearchbase         "cn=users,dc=ad..."                    LDAP users context
Keep/modify  ldapusersearchscope        "SUB"                                  BASE, ONE or SUB
Keep/modify  ldaproleusernameattribute  "samaccountname"                       To be modified if you use userprincipalname as user name attribute. The OTP Server must search for userprincipalname in this case.
Keep/modify  ldapproxyusername          ""                                     Built-in privileges are used by default. If you want your own proxy user, insert values for a user account with appropriate privileges.
Keep/modify  ldapproxypassword          ""                                     See above

<?xml version="1.0"?>
<configuration>
  <system.web>
    <!-- The <authentication> section enables configuration of the security
         authentication mode used by ASP.NET to identify an incoming user. -->
    <authentication mode="Forms">
      <forms loginUrl="CustomLogin.aspx" />
    </authentication>
    <!-- The <membership> section enables the Nordic Edge ASP.NET Membership Provider.
         Variables and settings for the Membership and Role Provider are listed in the tables above.
         Please modify connectionStringName, ldapsearchbase, ldaprolesearchbase and ldapusersearchbase. -->
    <membership defaultProvider="neprovider">
      <providers>
        <add
          applicationName="/"
          connectionStringName="127.0.0.1:3100"
          name="neprovider"
          type="NordicEdge.Web.Provider.ADMembershipProvider, NordicEdgeADMembershipProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=a27fc70f1b8f276c"
          ldapsearchbase="cn=users,dc=ad,dc=nordicedge,dc=se"
          ldapobjectclass="user"
          ldapemailattribute="mail"
          ldapusernameattribute="samaccountname"
          ldapdisplaynameattribute="displayname"
          ldapsearchscope="SUB"
          ldapproxyusername=""
          ldapproxypassword="" />
      </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="neroleprovider">
      <providers>
        <clear />
        <add
          cacheRolesInCookie="true"
          cookieName="ASPXROLES"
          cookiePath="/"
          cookieTimeout="30"
          cookieRequireSSL="false"
          cookieSlidingExpiration="true"
          createPersistentCookie="false"
          cookieProtection="All"
          name="neroleprovider"
          applicationName="/"
          type="NordicEdge.Web.Provider.ADRoleProvider, NordicEdgeADMembershipProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=a27fc70f1b8f276c"
          ldaprolesearchbase="ou=groups,dc=ad,dc=nordicedge,dc=se"
          ldaprolesearchscope="ONE"
          ldapusersearchbase="cn=users,dc=ad,dc=nordicedge,dc=se"
          ldapusersearchscope="SUB"
          ldaproleusernameattribute="samaccountname"
          ldapproxyusername=""
          ldapproxypassword="" />
      </providers>
    </roleManager>
  </system.web>
  <!-- appSettings in the <configuration> section -->
  <appSettings>
    <add key="loginfailure" value="The user name or the password is incorrect. Please try again."/>
    <add key="otpfailure" value="The One-Time Password you entered was incorrect. Please re-enter your user name and password."/>
    <add key="otperror" value="There is no connection with the OTP Server. Please contact your system administrator."/>
    <add key="logintext" value="Sign In"/>
    <add key="changeadpasswordurl" value=""/>
  </appSettings>
</configuration>
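Before restarting IIS it is worth checking the two web.config files against what this chapter requires. The Python script below is an added example, not part of the Nordic Edge guide or product: it verifies Forms authentication, that each defaultProvider matches a provider name (the mismatch the tables warn about), that connectionStringName is an OTP Server host:port, that protected_pages denies anonymous users, and it flags cookieRequireSSL="false" because the role cookie would then be sent over plain HTTP. The XML samples are constructed, trimmed copies of the guide's configuration.

```python
# Added example, not part of the Nordic Edge guide: check the chapter 4 web.config settings.
import xml.etree.ElementTree as ET

# Constructed sample, trimmed from the guide's root web.config.
ROOT_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <authentication mode="Forms"><forms loginUrl="CustomLogin.aspx" /></authentication>
    <membership defaultProvider="neprovider">
      <providers><add name="neprovider" connectionStringName="127.0.0.1:3100" /></providers>
    </membership>
    <roleManager enabled="true" defaultProvider="neroleprovider">
      <providers><clear /><add name="neroleprovider" cookieRequireSSL="false" /></providers>
    </roleManager>
  </system.web>
</configuration>"""

# Constructed sample of protected_pages/web.config.
PROTECTED_CONFIG = """<configuration><system.web><authorization>
<deny users="?" /></authorization></system.web></configuration>"""

def check_root(xml_text):
    """Return a list of findings; an empty list means the root config matches the guide."""
    findings = []
    root = ET.fromstring(xml_text)
    auth = root.find("system.web/authentication")
    if auth is None or auth.get("mode") != "Forms":
        findings.append("authentication mode must be Forms")
    for section in ("membership", "roleManager"):
        node = root.find("system.web/" + section)
        if node is None:
            findings.append(section + " section missing")
            continue
        names = {a.get("name") for a in node.findall("providers/add")}
        if node.get("defaultProvider") not in names:
            findings.append(section + " defaultProvider does not match any provider name")
    member = root.find("system.web/membership/providers/add")
    if member is not None:
        host, _, port = (member.get("connectionStringName") or "").partition(":")
        if not host or not port.isdigit():
            findings.append("connectionStringName must be the OTP Server host:port")
    role = root.find("system.web/roleManager/providers/add")
    if role is not None and role.get("cookieRequireSSL", "false").lower() != "true":
        findings.append("cookieRequireSSL is false: the role cookie is sent over plain HTTP")
    return findings

def check_protected(xml_text):
    """True when the subfolder config denies anonymous users (deny users="?")."""
    root = ET.fromstring(xml_text)
    return any(d.get("users") == "?" for d in root.findall("system.web/authorization/deny"))
```

Run check_root on the real root web.config text and check_protected on protected_pages\web.config; an empty findings list and True mean the files match the chapter.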
5 Restart the web server
5.1 Restarting IIS
Before you can use the Membership Provider, you have to restart IIS. Open a command prompt and type iisreset to restart Internet Information Services.

Figure: Restarting IIS
6 Testing the web application
6.1 Running the Custom web site with NE Membership Provider
To test the web application in your browser, type the required URL, such as: http://localhost:portnr/protected_pages/secretpage.aspx

Figure 1: Login page to protected site

After supplying the user name and password, the credentials are verified and the user receives the OTP.

Figure 2: The user is asked for the OTP
After supplying the received OTP, the Nordic Edge OTP Server validates it. If it is valid, the restricted page is displayed as shown in the figure below.

Figure 3: The protected site

6.2 Customizing the login page
If you want to change the images in CustomLogin.aspx, do the following:
1. Open CustomLogin.aspx with Notepad.exe.
2. Copy your image(s) to the images directory and replace the image path in the file.
7 Appendix A
7.1 Troubleshooting
This section describes how to configure a Web Site that uses the Nordic Edge IIS Membership Provider. It also provides information about the configuration options for NordicEdgeOTPASPplugin.

7.1.1 Troubleshooting & support
For troubleshooting and support, please go to http://www.nordicedge.se or send an email to support@nordicedge.se.