Windows Authentication for Velocity Web Service Client (VWSC)_v3.8.4
Overview
Prior to Velocity 3.7 SP1 release, the Velocity Web Service Client (VWSC) application used Anonymous Authentication mode which used the Forms Authentication Provider. As a result, when you initially hit the VWSC website, a login page displays and is authenticated by the Velocity Web Service.
Starting from Velocity 3.7 SP1 release, the Administrator can disable Anonymous Authentication and define Windows Authentication to support Auto-Login capability. For users logged in as an authorized Velocity operator in Velocity domain into Windows system on their device, the VWSC login page is by-passed to enable the Auto-Login feature.
Enabling Auto-Login using Windows Authentication Provider
The VWSC application uses Anonymous authentication by default. To enable Auto-Login capability using Windows Authentication you must make configuration changes to the following:
IIS configuration
VWSC website configuration
Velocity database
Browser settings
Configuring IIS for Windows Authentication in Windows 10 and Windows Server 2016
Microsoft Windows 10
The steps below enable Windows Authentication in IIS where Velocity Web Client or VWSC bundle is installed.
Go to Control Panel → Programs.
Locate and click on “Turn Windows Features on or off” link as shown below.
In Windows Features dialog, expand Internet Information Services → World Wide Web Services → Security to see the available options.
Select the following highlighted options (if not selected already), and then click OK.
World Wide Web Services → Security → Basic Authentication
World Wide Web Services → Security → Request Filtering
World Wide Web Services → Security → Windows Authentication
A progress dialog shows that Windows is building the selected feature changes.
Click Close after Windows completes the requested changes. Windows Authentication mode is now enabled in IIS.
Microsoft Windows Server 2016
The steps below enable Windows Authentication in IIS on Windows Server 2016 where Velocity Web Client or VWSC bundle is installed.
Go to Run and type ServerManager and press Enter or click Server Manager button in the Windows taskbar.
The Server Manager Dashboard screen displays as shown.Click Add roles and features link in Dashboard.
Read the wizard instructions and click Next to continue.
In Select installation type choose Role-based or feature-based Installation radio button.
Choose to Select a server from the server pool radio button.
Select the Windows Server 2016 from Server Pool and click Next.
Select the following highlighted options (if not selected already) and then click Next.
Select Server Roles. Choose the following options under Roles:
Web Server (IIS) (20 of 43 Installed) → Web Server (14 of 34 Installed) → Security (1 of 9 Installed) → Request Filtering (Installed)
Web Server (IIS) (20 of 43 Installed) → Web Server (14 of 34 Installed) → Security (1 of 9 Installed) → Basic Authentication
Web Server (IIS) (20 of 43 Installed) → Web Server (14 of 34 Installed) → Security (1 of 9 Installed) → Windows Authentication
Skip to the Confirmation menu in the Add Roles and Features Wizard
In Confirm installation selections click Install to enable Windows Authentication on Windows 2016 Server.
The Installation progress window display the progress of the Feature Installation.
Click Close after the installation is done.
Velocity Web Service Client Website Configuration
The Velocity Web Service Client Website configuration is done in the system where the Velocity Web Client and Website is installed or hosted.
On the desktop, click Start → Programs or All Programs → Administrative Tools → Internet Information Services (IIS) Manager.
On the left panel in connections, select User → Sites → Default Web Sites → VWSC.
Double-click Authentication.
The VWSC Authentication window displays. Right click Anonymous Authentication to Disable or select Disable link as shown.
Right click Windows Authentication to Enable or select Enable link as shown.
Except Windows Authentication all other authentications must be disabled.Right click Windows Authentication and select Advanced Settings or click Advanced Settings link as shown.
In Advanced Settings dialog box, select Accept from Extended Protection drop-down and click OK as shown below.
In IIS Manager window, right click Default Web Site → All Tasks → Restart IIS for the changes to take place as shown below.
Database Changes for Velocity Web Service Client
The Registry table must have the following Insert Statement if not already available.
Navigate to Diagnostics/Reporting → SQL Manager as shown.
Connect to Microsoft SQL Server 2014.
In Object Explorer select SYSTEM\DOMAIN → Velocity as shown below.
Click New Query. Enter the Insert statement as shown.
INSERT INTO Registry VALUES(<Velocity Server name>,'VWSC','AuthenticationMode','AutoWindowsAuthentication');
For example, INSERT INTO RegistryVALUES(’SYSTEMNAME’,'VWSC','AuthenticationMode','AutoWindowsAuthentication');
Select the INSERT statement and click Execute.
PIV Enrollment using Windows Authentication
To configure anonymous authentication using IIS, you need to:
Run
notepad
as adminOpen
%WINDIR%\System32\inetsrv\config\applicationHost.config
Save it as
%WINDIR%\System32\inetsrv\config\applicationHost.config.bak
for backup purposesFind following string:
<section name="anonymousAuthentication" overrideModeDefault="Deny" />
Replace
Deny
withAllow
Save file as
%WINDIR%\System32\inetsrv\config\applicationHost.config
Recycle app pool, to be 100% sure that IIS re-reads
web.config
Periodic recycling of application pool helps to avoid unstable states that can lead to application crashes, hangs, or memory leaks. For details on how to recycle settings on application pool, refer https://tinyurl.com/y44yb4mm
Configuring Browser Settings
Auto login window appears only if the user is currently logged into their device as a member of the Velocity Users group in the Velocity domain and is an authorized Velocity operator.
Google Chrome browser operation is based on IE settings. Browsers such as Mozilla Firefox and Microsoft Edge prompts for username and password to login to VWSC Website.
A. The following steps allow the user to configure IE without prompting their credentials over trusted sites:
Open Internet Explorer.
Click Tools menu and select Internet Options.
Select Security tab.
Click the Local Intranet Web content zone.
Select Sites and Check Automatically Detect Intranet Network.
Click Advance.
Add VWSC website URL for example:
<<System Name/IP >>/VWSC, http://SYSTEMNAME/VWSC or http://<IP-Address>/VWSC.After you are done, Click Close and OK.
Now, click the Custom level button.
From the list of settings, scroll to the bottom to select Automatic logon only in Intranet zone.
Click OK.
B. The following steps allows the user to configure latest IE versions to add the website URL to work properly.
Open Internet Explorer.
Click Tools menu and select Internet Options as shown below.
Follow step 3 till step 8 below in latest Google Chrome versions to complete the procedure.
C. The following steps allows to add the website URL to work properly in latest Google Chrome versions:
Go to Google Chrome and Settings.
Click Advanced → System → Open Proxy Settings as shown below.
In Internet Properties windows, select Security tab as shown.
Click Sites in Internet Properties.
The Local Intranet dialog window opens as shown.
Select Advanced in Local Intranet.
In the Local Intranet dialog window enter "http://localhost/VWSC" and click Add as shown.
The URL is added to the Websites text area in Local Intranet. Click Close.
D. The following steps allows to add the website URL to work properly in earlier Google Chrome versions:
Go to Google Chrome → Options.
Select Under the Hood tab → Change Proxy Settings as shown.
Select Security (tab) → Local Intranet/Sites → Advanced → Add "http://localhost/VWSC" to the URL List.
Click Close.