
Enable Windows Authentication Procedure

Pims Solution
Procedure - Pims Windows Authentication Pims

Document Information
Document Filename: Procedure - Pims Windows Authentication.pdf

Plan Owner: Omega AS


Document Status: Released


Table of contents

Introduction
  Block Diagram
1 Configuring
  1.1 Web Server
  1.2 SPN and Delegation for Web Server
  1.3 Client IE settings
  1.4 Set SQL Server Domain User and Create SPN


Introduction
The purpose of this document is to provide a technical overview and detailed procedures for setting up
Pims with Windows Authentication.


Block Diagram

The diagram displays the different steps through the procedure.

- Layout the setup: SQL Server, SQL Server User. Web Server, Web Server User. DNS Name
- Setup Web Server with Pims Web Site with Anonymous Authentication. Verify that the site is working as normal
- Enable Windows Authentication on Pims Web Site: Procedure Step: 1.1
- Set SPN and Delegation for the Web Server: Procedure Step: 1.2
- Set Client Internet Explorer Settings: Procedure Step: 1.3
- Optional: If the SQL Server should use a Domain Account as the Log On As, continue to Procedure Step: 1.4


1 Configuring
Procedure Description:
Best Practice is that the SQL Service is run by a Domain account, but it is not required for Windows Authentication to work.

In this procedure, we will enable Windows Authentication on an existing Pims R4 site.

Note:
The SQL Service User is running as LocalSystem; at Sub Procedure 1.4 it will be changed to a Domain account.

Procedure Step: 1.1 Web Server

Info: Best Practice is that the ApplicationPoolIdentity is used as Application Pool ID, this is just as safe as using a Custom Domain account, but makes the setup easier.

Note: ApplicationPoolIdentity is used as Application Pool ID (Default by IIS 7.5)

Step: Enable Windows Authentication on the Site in IIS

- Open IIS Manager
- Select the site and open Authentication
- Disable Anonymous and Enable Windows Authentication


- Open Appframe.Config and set IntegratedSecurity to true
- Set the Server in the <Server> tag in Appframe.Config by specifying the FQDN.
  Example: sqlserver.pims.no

Tip: Make sure the Server in Appframe.Config is the same as the SPN for the SQL Server ( MSSQLSvc/sqlserver.pims.no )


Procedure Step: 1.2 SPN and Delegation for Web Server

Log on to the Active Directory server and open Command Prompt.

- Create SPN
  SPN command:
  setspn -s HTTP/<URL> <WebServerNetBiosName>
  Example: setspn -s HTTP/pims.pims.no pimsweb

Open the Web Server Object in Active Directory

- Select Tab Delegation and check Trust this computer for delegation to any service (Kerberos only)
- If there are multiple Active Directory Servers, it might take some time before the SPN is replicated. (3 Hours)
- Reboot of the Web Server (Just to be sure cache is cleared)

Log on to a client computer with a domain account

Open Internet Explorer
- Add URL to Intranet Zone (Procedure Step: 1.4)
- Close Internet Explorer

Open Internet Explorer
- Go to your URL and it should successfully log in using Windows Authentication.


Procedure Step: 1.3 Client IE settings

The URL needs to be added to the Local intranet zone in IE.


Procedure Step: 1.4 Set SQL Server Domain User and Create SPN

Log on to the SQL Server and open SQL Server Configuration Manager.
- Change the Log On As to a Domain Account

Log on to the Active Directory server and open Command Prompt

- Create a new SPN for the SQL Server on the Domain Account used as Log On As User

  Create SPN command:
  setspn -s MSSQLSvc/WebServerNetBiosName:Port
  Example: setspn -s MSSQLSvc/sqlserver.pims.no PIMSsvcUser

- Reboot of the Web Server (Just to be sure cache is cleared)
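
A read-only check of the results of Procedure Steps 1.2 and 1.4, added here as an example and not part of the Pims procedure: it confirms that each SPN is held by exactly one account (the expected one) and reports which delegation mode the web server object has. It assumes the RSAT ActiveDirectory PowerShell module and uses this page's example names (pimsweb, PIMSsvcUser, pims.pims.no, sqlserver.pims.no); the function names are illustrative.

```powershell
# Added example: read-only queries against Active Directory.
# Requires the RSAT ActiveDirectory module; names are this page's example values.
Import-Module ActiveDirectory

# SPN -> sAMAccountName that should hold it (computer accounts end in '$')
$ExpectedSpns = [ordered]@{
    'HTTP/pims.pims.no'          = 'pimsweb$'      # Procedure Step 1.2
    'MSSQLSvc/sqlserver.pims.no' = 'PIMSsvcUser'   # Procedure Step 1.4
}

function Get-SpnStatus {
    param([Parameter(Mandatory)][string]$Spn,
          [Parameter(Mandatory)][string]$ExpectedAccount)
    # Every account that currently carries this SPN. More than one holder is a
    # duplicate SPN, which breaks Kerberos authentication to that service.
    $holders = @(Get-ADObject -Filter "servicePrincipalName -eq '$Spn'" -Properties sAMAccountName |
                 ForEach-Object { $_.sAMAccountName })
    $status = 'WrongAccount'
    if ($holders.Count -eq 0) { $status = 'Missing' }
    if ($holders.Count -gt 1) { $status = 'Duplicate' }
    if ($holders.Count -eq 1 -and $holders[0] -ieq $ExpectedAccount) { $status = 'OK' }
    [pscustomobject]@{
        Spn      = $Spn
        Expected = $ExpectedAccount
        HeldBy   = $holders -join ', '
        Status   = $status
    }
}

function Get-DelegationMode {
    param([Parameter(Mandatory)][string]$ComputerName)
    $c = Get-ADComputer -Identity $ComputerName `
            -Properties TrustedForDelegation, 'msDS-AllowedToDelegateTo'
    $targets = @($c.'msDS-AllowedToDelegateTo')
    # TrustedForDelegation is the attribute behind "Trust this computer for
    # delegation to any service (Kerberos only)", i.e. unconstrained delegation.
    $mode = 'None'
    if ($targets.Count -gt 0)    { $mode = 'Specified services only' }
    if ($c.TrustedForDelegation) { $mode = 'Any service (unconstrained)' }
    [pscustomobject]@{
        Computer       = $c.Name
        Delegation     = $mode
        AllowedTargets = $targets -join ', '
    }
}

$ExpectedSpns.GetEnumerator() |
    ForEach-Object { Get-SpnStatus -Spn $_.Key -ExpectedAccount $_.Value } |
    Format-Table -AutoSize
Get-DelegationMode -ComputerName 'pimsweb' | Format-List
```

Running it again after the replication delay mentioned in Procedure Step 1.2 shows whether the SPN has reached the domain controller being queried.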


Disclaimer

Appframe and Pims concept by Omega AS.

The information contained on this site represents the current view of Appframe and
Pims teams on the issues discussed as of the date of publication.

Because Appframe and Pims must respond to changing market conditions, it should not
be interpreted to be a commitment on the part of Appframe and Pims, and we cannot
guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only.

APPFRAME AND PIMS TEAMS MAKES NO WARRANTIES, EXPRESSED OR IMPLIED, IN THIS DOCUMENT.
