Windows Authentication for Velocity Web Service Client (VWSC)_v3.8.5

Overview

Prior to the Velocity 3.7 SP1 release, the Velocity Web Service Client (VWSC) application used the Anonymous Authentication mode, which used the Forms Authentication Provider. As a result, when you initially hit the VWSC website, a login page displays and the login is authenticated by the Velocity Web Service.

Starting from the Velocity 3.7 SP1 release, the Administrator can disable Anonymous Authentication and define Windows Authentication to support Auto-Login capability. For users who are logged in to Windows on their device as an authorized Velocity operator in the Velocity domain, the VWSC login page is bypassed by the Auto-Login feature.

Enabling Auto-Login using Windows Authentication Provider

The VWSC application uses Anonymous Authentication by default. To enable Auto-Login capability using Windows Authentication, you must make configuration changes to the following:

  • IIS configuration

  • VWSC website configuration

  • Velocity database

  • Browser settings

Configuring IIS for Windows Authentication in Windows 10 and above

The steps below enable Windows Authentication in IIS where the Velocity Web Client or VWSC bundle is installed.

  1. Go to Control Panel → Programs.

  2. Locate and click the “Turn Windows Features on or off” link.

  3. In the Windows Features dialog, expand Internet Information Services → World Wide Web Services → Security to see the available options.

  4. Select the following highlighted options (if not selected already), and then click OK.

    • World Wide Web Services → Security → Basic Authentication

    • World Wide Web Services → Security → Request Filtering

    • World Wide Web Services → Security → Windows Authentication
      A progress dialog shows that Windows is building the selected feature changes.

  5. Click Close after Windows completes the requested changes. Windows Authentication mode is now enabled in IIS.

Configuring IIS for Windows Authentication in Microsoft Windows Server 2016 and above

The steps below enable Windows Authentication in IIS on Windows Server where the Velocity Web Client or VWSC bundle is installed.

  1. Go to Run, type ServerManager, and press Enter, or click the Server Manager button in the Windows taskbar.
    The Server Manager Dashboard screen displays.

  2. Click the Add roles and features link in the Dashboard.

  3. Read the wizard instructions and click Next to continue.

  4. In Select installation type, choose the Role-based or feature-based installation radio button.

  5. Choose the Select a server from the server pool radio button.

  6. Select the Windows Server 2016 from the Server Pool and click Next.

  7. Select the following highlighted options (if not selected already) and then click Next.

    1. Select Server Roles. Choose the following options under Roles:

      1. Web Server (IIS) (20 of 43 Installed) → Web Server (14 of 34 Installed) → Security (1 of 9 Installed) → Request Filtering (Installed)

      2. Web Server (IIS) (20 of 43 Installed) → Web Server (14 of 34 Installed) → Security (1 of 9 Installed) → Basic Authentication

      3. Web Server (IIS) (20 of 43 Installed) → Web Server (14 of 34 Installed) → Security (1 of 9 Installed) → Windows Authentication

        Skip to the Confirmation menu in the Add Roles and Features Wizard.

  8. In Confirm installation selections, click Install to enable Windows Authentication on Windows Server 2016.

    The Installation progress window displays the progress of the feature installation.

  9. Click Close after the installation is done.

Velocity Web Service Client Website Configuration

The Velocity Web Service Client website configuration is done on the system where the Velocity Web Client and website are installed or hosted.

  1. On the desktop, click Start → Programs or All Programs → Administrative Tools → Internet Information Services (IIS) Manager.

  2. On the left panel under Connections, select User → Sites → Default Web Site → VWSC.

  3. Double-click Authentication.

  4. The VWSC Authentication window displays. Right-click Anonymous Authentication and choose Disable, or select the Disable link.

  5. Right-click Windows Authentication and choose Enable, or select the Enable link.
    All authentication methods other than Windows Authentication must be disabled.

  6. Right-click Windows Authentication and select Advanced Settings, or click the Advanced Settings link.

  7. In the Advanced Settings dialog box, select Accept from the Extended Protection drop-down and click OK.

  8. In the IIS Manager window, right-click Default Web Site → All Tasks → Restart IIS for the changes to take effect.

PIV Enrollment using Windows Authentication

To configure anonymous authentication using IIS, you need to:

  1. Run Notepad as administrator

  2. Open %WINDIR%\System32\inetsrv\config\applicationHost.config

  3. Save it as %WINDIR%\System32\inetsrv\config\applicationHost.config.bak for backup purposes

  4. Find the following string:
    <section name="anonymousAuthentication" overrideModeDefault="Deny" />

  5. Replace Deny with Allow

  6. Save file as %WINDIR%\System32\inetsrv\config\applicationHost.config

  7. Recycle the app pool to be 100% sure that IIS re-reads web.config

Periodic recycling of the application pool helps to avoid unstable states that can lead to application crashes, hangs, or memory leaks. For details on recycling settings for an application pool, refer to https://tinyurl.com/y44yb4mm
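An added example (not Velocity or Microsoft code) that checks the end state of the two procedures above, the VWSC website configuration and the applicationHost.config change: it resolves the IIS-level authentication settings that apply to the site and reports anything that departs from them. The site path "Default Web Site/VWSC" and the sample file are constructed assumptions; tokenChecking="Allow" is how IIS stores the Accept choice for Extended Protection.

```python
import xml.etree.ElementTree as ET
AUTH = "system.webServer/security/authentication"
# Constructed, trimmed applicationHost.config; the site path is an assumption.
SAMPLE = """<configuration>
 <configSections><sectionGroup name="system.webServer"><sectionGroup name="security">
  <sectionGroup name="authentication">
   <section name="anonymousAuthentication" overrideModeDefault="Allow" />
  </sectionGroup></sectionGroup></sectionGroup></configSections>
 <system.webServer><security><authentication>
  <anonymousAuthentication enabled="true" userName="IUSR" />
  <basicAuthentication enabled="false" />
  <windowsAuthentication enabled="false" />
 </authentication></security></system.webServer>
 <location path="Default Web Site/VWSC"><system.webServer><security><authentication>
  <anonymousAuthentication enabled="false" />
  <windowsAuthentication enabled="true"><extendedProtection tokenChecking="Allow" /></windowsAuthentication>
 </authentication></security></system.webServer></location>
</configuration>"""

def applies(loc_path, site):
    # A <location> covers the named path and everything beneath it.
    lp, s = loc_path.lower().strip("/"), site.lower().strip("/")
    return lp == "" or s == lp or s.startswith(lp + "/")

def audit(config_xml, site="Default Web Site/VWSC"):
    root = ET.fromstring(config_xml)
    locs = [l for l in root.findall("location") if applies(l.get("path", ""), site)]
    effective = {}
    # Server-wide defaults first, then matching <location> blocks, most specific last.
    for scope in [root] + sorted(locs, key=lambda l: len(l.get("path", ""))):
        for el in scope.findall(AUTH + "/*"):
            effective.setdefault(el.tag, {}).update(el.attrib)
            ep = el.find("extendedProtection")
            if ep is not None:
                effective[el.tag]["tokenChecking"] = ep.get("tokenChecking", "None")
    findings = []
    for name, cfg in sorted(effective.items()):
        enabled = cfg.get("enabled", "false").lower() == "true"
        if name == "windowsAuthentication":
            if not enabled:
                findings.append("windowsAuthentication is disabled")
            elif cfg.get("tokenChecking", "None") == "None":
                findings.append("extended protection is Off")
        elif enabled:
            findings.append(name + " is enabled")
    for sec in root.iter("section"):
        if sec.get("name") == "anonymousAuthentication" and sec.get("overrideModeDefault") == "Allow":
            findings.append("anonymousAuthentication is unlocked for web.config overrides")
    return findings
```

Once overrideModeDefault is Allow, the site's own web.config can also set anonymousAuthentication, so review that file alongside applicationHost.config. ASP.NET Forms Authentication is configured outside this section and is not covered by the check.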

Configuring Browser Settings

The Auto-Login window appears only if the user is currently logged in to their device as a member of the Velocity Users group in the Velocity domain and is an authorized Velocity operator.

Google Chrome browser operation is based on IE settings. Browsers such as Mozilla Firefox and Microsoft Edge prompt for a username and password to log in to the VWSC website.

A. The following steps allow the user to configure IE so that it does not prompt for credentials on trusted sites:

  1. Open Internet Explorer.

  2. Click the Tools menu and select Internet Options.

  3. Select the Security tab.

  4. Click the Local Intranet Web content zone.

  5. Select Sites and check Automatically Detect Intranet Network.

  6. Click Advanced.

  7. Add the VWSC website URL, for example:
    <<System Name/IP>>/VWSC, http://SYSTEMNAME/VWSC or http://<IP-Address>/VWSC.

  8. After you are done, click Close and OK.

  9. Now, click the Custom level button.

  10. From the list of settings, scroll to the bottom to select Automatic logon only in Intranet zone.

  11. Click OK.

B. The following steps allow the user to configure the latest IE versions so that the website URL works properly.

  1. Open Internet Explorer.

  2. Click the Tools menu and select Internet Options.

Follow steps 3 through 8 of the procedure for the latest Google Chrome versions below to complete the procedure.

C. The following steps add the website URL so that it works properly in the latest Google Chrome versions:

  1. Open Google Chrome and go to Settings.

  2. Click Advanced → System → Open Proxy Settings.

  3. In the Internet Properties window, select the Security tab.

  4. Click Sites in Internet Properties.

  5. The Local Intranet dialog window opens.

  6. Select Advanced in Local Intranet.

  7. In the Local Intranet dialog window, enter "http://localhost/VWSC" and click Add.

  8. The URL is added to the Websites text area in Local Intranet. Click Close.

D. The following steps add the website URL so that it works properly in earlier Google Chrome versions:

  1. Go to Google Chrome → Options.

  2. Select the Under the Hood tab → Change Proxy Settings.

  3. Select Security (tab) → Local Intranet/Sites → Advanced → Add "http://localhost/VWSC" to the URL List.

  4. Click Close.