VWSC Windows Authentication

Overview


Prior to the Velocity 3.7 SP1 release, the Velocity Web Service Client (VWSC) application used Anonymous Authentication mode with the Forms Authentication Provider. As a result, when you first open the VWSC website, a login page displays and the login is authenticated by the Velocity web service.
Starting with the Velocity 3.7 SP1 release, the Administrator can disable Anonymous Authentication and enable Windows Authentication to support Auto-login. For users who are logged in to Windows on their device as an authorized Velocity operator in the Velocity domain, the VWSC login page is bypassed and Auto-login takes place.

Enabling Auto-Login Using Windows Authentication Provider


The VWSC application uses Anonymous authentication by default. To enable auto-login capability using Windows Authentication you must make configuration changes to the following:

Configuring IIS for Windows Authentication in Windows 10 and Windows Server 2016

Microsoft Windows 10

The steps below enable Windows Authentication in IIS where Velocity Web Client or VWSC bundle is installed.

  1. Go to Control Panel → Programs.
  2. Locate and click the "Turn Windows Features on or off" link as shown in figure 1.


Figure 1: Turn Windows Features ON or OFF in Programs

3. In the Windows Features dialog, expand Internet Information Services → World Wide Web Services → Security to see the available options as shown in figure 2.

4. Select the following highlighted options (if not selected already), and then click OK as shown in figure 2.


Figure 2: Turn Windows Features ON/OFF

  • World Wide Web Services→ Security→  Basic Authentication
  • World Wide Web Services→ Security→  Request Filtering
  • World Wide Web Services→ Security→  Windows Authentication

A progress dialog shows that Windows is building the selected feature changes.

5. Click Close after Windows completes the requested changes as shown in figure 3.

The Windows Authentication mode is enabled in IIS.

Figure 3: Completion of Requested Changes… 

Microsoft Windows Server 2016

The steps below enable Windows Authentication in IIS on Windows Server 2016 where Velocity Web Client or VWSC bundle is installed.

  1. Go to Run and type ServerManager and press Enter or click Server Manager button in the Windows taskbar.

    The Server Manager Dashboard screen displays as shown in figure 4.
  2. Click Add roles and features link in Dashboard.

    Figure 4: Server Manager Dashboard
  3. Read the wizard instructions and click Next to continue as shown in figure 5.

    Figure 5: Before You Begin Menu
  4. In Select installation type, choose the Role-based or feature-based installation radio button as shown in figure 6.

    Figure 6: Installation Type Menu
  5. Choose the Select a server from the server pool radio button as shown in figure 7.
  6. Select the Windows Server 2016 from Server Pool and click Next.

    Figure 7: Server Selection Menu
  7. Select the following highlighted options (if not selected already) and then click Next as shown in figure 8.
    1. Select Server Roles. Choose the following options under Roles:
      • Web Server (IIS) (20 of 43 Installed) → Web Server (14 of 34 Installed) → Security (1 of 9 Installed) → Request Filtering (Installed)
      • Web Server (IIS) (20 of 43 Installed) → Web Server (14 of 34 Installed) → Security (1 of 9 Installed) → Basic Authentication
      • Web Server (IIS) (20 of 43 Installed) → Web Server (14 of 34 Installed) → Security (1 of 9 Installed) → Windows Authentication


        Figure 8: Server Roles Menu

Skip to the Confirmation menu in the Add Roles and Features Wizard as shown in figure 9.

8. In Confirm installation selections click Install to enable Windows Authentication on Windows 2016 Server as shown in figure 9.



Figure 9: Confirmation Menu
The Installation progress window displays the progress of the feature installation as shown in figure 10.

9. Click Close after the installation is done.



Figure 10: Results in Feature Installation
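
The same three IIS security features can be enabled from an elevated PowerShell prompt. This is an added example, not part of the vendor procedure; it selects the workstation or server cmdlets from the operating system's product type and uses the standard Windows feature names for Basic Authentication, Request Filtering and Windows Authentication.

```powershell
# Added example, not vendor code. Run in an elevated PowerShell session.
$os = Get-CimInstance -ClassName Win32_OperatingSystem

if ($os.ProductType -eq 1) {
    # Workstation (Windows 10): items under "Turn Windows features on or off"
    $features = 'IIS-BasicAuthentication', 'IIS-RequestFiltering', 'IIS-WindowsAuthentication'
    foreach ($f in $features) {
        $state = (Get-WindowsOptionalFeature -Online -FeatureName $f).State
        if ($state -ne 'Enabled') {
            # -All also enables the parent IIS features this one depends on
            Enable-WindowsOptionalFeature -Online -FeatureName $f -All -NoRestart | Out-Null
        }
    }
    # Show the resulting state of each feature
    Get-WindowsOptionalFeature -Online |
        Where-Object { $_.FeatureName -in $features } |
        Select-Object FeatureName, State
}
else {
    # Server (Windows Server 2016): role services under Web Server (IIS) > Security
    $features = 'Web-Basic-Auth', 'Web-Filtering', 'Web-Windows-Auth'
    Install-WindowsFeature -Name $features | Out-Null   # already-installed items are skipped
    Get-WindowsFeature -Name $features | Select-Object Name, InstallState
}
```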

Velocity Web Service Client Website Configuration

The Velocity Web Service Client Website configuration is done in the system where the Velocity Web Client and Website is installed or hosted.

  1. On the desktop, click Start → Programs→ or All Programs→ Administrative Tools→  Internet Information Services (IIS) Manager.
  2. On the left panel, under Connections, select User → Sites → Default Web Site → VWSC.
  3. Double-click Authentication as shown in figure 11.


Figure 11: VWSC Authentication in IIS Manager

4. The VWSC Authentication window displays. Right-click Anonymous Authentication and select Disable, or click the Disable link, as shown in figure 12.

Figure 12: Disable Anonymous Authentication in IIS Manager

5. Right-click Windows Authentication and select Enable, or click the Enable link, as shown in figure 13.

All authentication methods other than Windows Authentication must be disabled, as shown in figure 14.



Figure 13: Enable Windows Authentication in IIS Manager

6. Right-click Windows Authentication and select Advanced Settings, or click the Advanced Settings link, as shown in figure 14.


Figure 14: Advanced Settings in Windows Authentication

7. In the Advanced Settings dialog box, select Accept from the Extended Protection drop-down and click OK as shown in figure 15.


Figure 15: Accept Option in Extended Protection drop-down


8. In the web.config file located at C:\inetpub\wwwroot\VWSC please remove the commented lines from figure 29 to match figure 30

Figure 29

Figure 30

9. The following steps are required for PIV Enrollment with Windows Authentication.

  1. Run notepad as admin
  2. Open %WINDIR%\System32\inetsrv\config\applicationHost.config
  3. Save it as %WINDIR%\System32\inetsrv\config\applicationHost.config.bak for backup purposes
  4. Find following string:
    <section name="anonymousAuthentication" overrideModeDefault="Deny" />
  5. Replace Deny with Allow
  6. Save file as %WINDIR%\System32\inetsrv\config\applicationHost.config

10. In the IIS Manager window, right-click Default Web Site → All Tasks → Restart IIS for the changes to take effect as shown in figure 16.


Figure 16: Restarting IIS in IIS Manager Window
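
Steps 4 through 7 can also be applied and verified from PowerShell with the WebAdministration module. This is an added example, not vendor code; it assumes the application path Default Web Site/VWSC from step 2, and its last lines report the overrideModeDefault value from step 9, which when set to Allow permits site-level web.config files to change the anonymousAuthentication setting.

```powershell
# Added example, not vendor code. Run in an elevated PowerShell session.
# Assumption: the application lives at 'Default Web Site/VWSC' (step 2).
Import-Module WebAdministration

$site    = 'Default Web Site/VWSC'
$appHost = 'MACHINE/WEBROOT/APPHOST'   # write to applicationHost.config <location> tags
$auth    = 'system.webServer/security/authentication'

function Set-Auth($Section, $Name, $Value) {
    Set-WebConfigurationProperty -PSPath $appHost -Location $site `
        -Filter "$auth/$Section" -Name $Name -Value $Value
}
function Get-Auth($Section, $Name) {
    $raw = Get-WebConfigurationProperty -PSPath $appHost -Location $site `
        -Filter "$auth/$Section" -Name $Name
    if ($raw -is [string]) { $raw } else { $raw.Value }  # enum attributes return strings
}

# The values the procedure expects after steps 4-7.
# "Accept" in the Extended Protection drop-down is stored as tokenChecking="Allow".
$expected = @(
    @{ Section = 'anonymousAuthentication'; Name = 'enabled'; Value = $false }
    @{ Section = 'basicAuthentication';     Name = 'enabled'; Value = $false }
    @{ Section = 'windowsAuthentication';   Name = 'enabled'; Value = $true }
    @{ Section = 'windowsAuthentication/extendedProtection'; Name = 'tokenChecking'; Value = 'Allow' }
)

foreach ($e in $expected) { Set-Auth $e.Section $e.Name $e.Value }

# Read the effective values back so a failed or overridden write is visible.
$expected | ForEach-Object {
    $actual = Get-Auth $_.Section $_.Name
    [pscustomobject]@{
        Setting  = "$($_.Section)/$($_.Name)"
        Expected = $_.Value
        Actual   = $actual
        Ok       = ("$actual" -eq "$($_.Value)")
    }
} | Format-Table -AutoSize

# Step 9 check: report whether site-level web.config files may override anonymous auth.
$cfgPath = Join-Path $env:WINDIR 'System32\inetsrv\config\applicationHost.config'
$node = ([xml](Get-Content $cfgPath -Raw)).SelectSingleNode("//section[@name='anonymousAuthentication']")
"anonymousAuthentication overrideModeDefault = $($node.overrideModeDefault)"
```

Any row with Ok = False means the setting shown in IIS Manager differs from what the procedure requires and should be corrected before IIS is restarted.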

Database Changes for Velocity Web Service Client

The Registry table must contain the following entry. Run the Insert statement below if the entry is not already present.

  1. Go to SQL Manager as shown in figure 17.


Figure 17: Connect to SQL Manager

2. Connect to Microsoft SQL Server 2014 as shown in figure 18.


Figure 18: Microsoft SQL Server 2014 User Dialog

3. In Object Explorer select SYSTEM\DOMAIN->Velocity as shown in figure 19.


Figure 19: Velocity in Object Explorer

4. Click New Query. Enter the Insert statement as shown in figure 20.


Figure 20: Enter New Query

INSERT INTO Registry VALUES('<Velocity Server name>','VWSC','AuthenticationMode','AutoWindowsAuthentication');

For example:

INSERT INTO Registry VALUES('SYSTEMNAME','VWSC','AuthenticationMode','AutoWindowsAuthentication');

5. Select the INSERT statement and click Execute as shown in figure 21.


Figure 21: Execute Statement

Configuring Browser Settings

Auto login window appears only if the user is currently logged into their device as a member of the Velocity Users group in the Velocity domain and is an authorized Velocity operator. 

Google Chrome browser operation is based on the IE settings. Browsers such as Mozilla Firefox and Microsoft Edge prompt for a username and password to log in to the VWSC website.

A. The following steps allow the user to configure IE so that it does not prompt for credentials on trusted sites:

  1. Open Internet Explorer.
  2. Click Tools menu and select Internet Options.
  3. Select Security tab.
  4. Click the Local Intranet Web content zone.
  5. Select Sites and check Automatically detect intranet network.
  6. Click Advanced.
  7. Add the VWSC website URL (<<System Name/ IP >>/VWSC), for example: http://SYSTEMNAME/VWSC or http://<IP-Address>/VWSC.
  8. After you are done, click Close and OK.
  9. Now, click the Custom level button.
  10. From the list of settings, scroll to the bottom to select Automatic logon only in Intranet zone.
  11. Click OK.

B. The following steps allow the user to add the website URL in the latest IE versions so that it works properly:

  1. Open Internet Explorer.
  2. Click Tools menu and select Internet Options as shown in figure 22.


Figure 22: Tools->Internet Options in Internet Explorer

Follow step 3 through step 8 of the procedure for the latest Google Chrome versions below to complete the procedure.

C. The following steps add the website URL so that it works properly in the latest Google Chrome versions:

  1. Go to Google Chrome and Settings as shown in figure 23.

    Figure 23: Browser Settings in Google Chrome
  2. Click Advanced → System → Open Proxy Settings as shown in figure 24.

    Figure 24: System Settings in Google Chrome
  3. In the Internet Properties window, select the Security tab as shown in figure 25.

    Figure 25: Security tab in Internet Properties
  4. Click Sites in Internet Properties.
  5. The Local Intranet dialog window opens as shown in figure 26.
  6. Select Advanced in Local Intranet as shown in figure 26.


    Figure 26: Local Intranet Settings
  7. In the Local Intranet dialog window enter "http://localhost/VWSC" and click Add as shown in figure 27.

    Figure 27: http://localhost/VWSC Added to Zone
  8. The URL is added to the Websites text area in Local Intranet. Click Close.

D. The following steps add the website URL so that it works properly in earlier Google Chrome versions:

  1. Go to Google Chrome-> Options.
  2. Select Under the Hood tab -> Change Proxy Settings as shown in figure 28 below.

    Figure 28: Under the Hood tab in Options
  3. Select Security (tab) -> Local Intranet/Sites -> Advanced -> Add "http://localhost/VWSC" to the URL List.
  4. Click Close.