Versions Compared

Old Version 8

changes.mady.by.user Anand Rajaraman

Saved on

compared with

New Version Current

changes.mady.by.user Anand Rajaraman

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

Prior to Velocity 3.7 SP1 release, the Velocity Web Service Client (VWSC) application used the Anonymous Authentication mode, which used the Forms Authentication Provider. As a result, when you initially hit the VWSC website, a login page displays and is authenticated by the Velocity Web Service.

Starting from the Velocity 3.7 SP1 release, the Administrator can disable Anonymous Authentication and define Windows Authentication to support Auto-Login capability. For users logged in as an authorized Velocity operator in the Velocity domain in Windows system on their device, the VWSC login page is bypassed to enable the Auto-Login feature.

Enabling Auto-Login using Windows Authentication Provider

The VWSC application uses Anonymous authentication by default. To enable Auto-Login capability using Windows Authentication you must make configuration changes to the following:

  • IIS configuration

  • VWSC website configuration

  • Velocity database

  • Browser settings

Configuring IIS for Windows Authentication in Windows 10 and above

The steps below enable Windows Authentication in IIS where Velocity Web Client or VWSC bundle is installed.

  1. Go to Control PanelPrograms.

  2. Locate and click on “Turn Windows Features on or off” link as shown below.

  3. In Windows Features dialog, expand Internet Information Services → World Wide Web ServicesSecurity to see the available options.

  4. Select the following highlighted options (if not selected already), and then click OK.

    • World Wide Web ServicesSecurity → Basic Authentication

    • World Wide Web ServicesSecurity → Request Filtering

    • World Wide Web ServicesSecurity → Windows Authentication
      A progress dialog shows that Windows is  building the selected feature changes.

  5. Click Close after Windows completes the requested changes. Windows Authentication mode is now enabled in IIS.

Configuring IIS for Windows Authentication in Microsoft Windows Server 2016 and above

The steps below enable Windows Authentication in IIS on Windows Server where Velocity Web Client or VWSC bundle is installed.

  1. Go to Run and type ServerManager and press Enter or click Server Manager button in the Windows taskbar.
    The Server Manager Dashboard screen displays as shown.

  2. Click Add roles and features link in Dashboard.

  3. Read the wizard instructions and click Next to continue.

  4. In Select installation type choose Role-based or feature-based Installation radio button.

  5. Choose to Select a server from the server pool radio button.

  6. Select the Windows Server 2016 from Server Pool and click Next.

  7. Select the following highlighted options (if not selected already) and then click Next.

    1. Select Server Roles. Choose the following options under Roles:

      1. Web Server (IIS) (20 of 43 Installed) → Web Server (14 of 34 Installed) → Security (1 of 9 Installed) → Request Filtering (Installed)

      2. Web Server (IIS) (20 of 43 Installed) → Web Server (14 of 34 Installed) → Security (1 of 9 Installed) → Basic Authentication

      3. Web Server (IIS) (20 of 43 Installed) → Web Server (14 of 34 Installed) → Security (1 of 9 Installed) → Windows Authentication

        Skip to the Confirmation menu in the Add Roles and Features Wizard

  8. In Confirm installation selections click Install to enable Windows Authentication on Windows 2016 Server.

    The Installation progress window display the progress of the Feature Installation.

  9. Click Close after the installation is done.

Velocity Web Service Client Website Configuration

The Velocity Web Service Client Website configuration is done in the system where the Velocity Web Client and Website is installed or hosted.

  1. On the desktop, click StartPrograms or All ProgramsAdministrative ToolsInternet Information Services (IIS) Manager.

  2. On the left panel in connections, select UserSitesDefault Web SitesVWSC.

  3. Double-click Authentication.

  4. The VWSC Authentication window displays. Right click Anonymous Authentication to Disable or select Disable link as shown.

  5. Right click Windows Authentication to Enable or select Enable link as shown.
    Except Windows Authentication all other authentications must be disabled.

  6. Right click Windows Authentication and select Advanced Settings or click Advanced Settings link as shown.

  7. In Advanced Settings dialog box, select Accept from Extended Protection drop-down and click OK as shown below.

  8. In IIS Manager window, right click Default Web SiteAll TasksRestart IIS for the changes to take place as shown below.

PIV Enrollment using Windows Authentication

To configure anonymous authentication using IIS, you need to:

...

Periodic recycling of application pool helps to avoid unstable states that can lead to application crashes, hangs, or memory leaks. For details on how to recycle settings on application pool, refer https://tinyurl.com/y44yb4mm

Configuring Browser Settings

Auto login window appears only if the user is currently logged into their device as a member of the Velocity Users group in the Velocity domain and is an authorized Velocity operator.

...