Special: Active Directory- and Windows authorization

It is possible to (automatically) log on via the user's network account (single sign-on). This requires corresponding entries in the user accounts for Windows authentication or the activation of access control via Active Directory. The web server must also support this type of authentication, which requires special settings and possibly installation. Unfortunately, automatic login is not supported by all web browsers.

 

Contents

Installation of server roles for Windows authentication

Activation of Windows authentication for Internet Information Services

Specific settings for the browsers Firefox and MS Edge

 

Installation of Windows Authentication (images of Windows Server 2012 R2)

Start the Server Manager and click on ‘Add roles and features’.

 

 

In the installation wizard, click on ‘Next’ to proceed to the ‘Server Roles’ section. There, under ‘Web Server (IIS)/Webserver/Security’, select the ‘Windows Authentication’ role and confirm with ‘Next’.

 

 

Confirm in all further windows via ‘Next’ and start the installation via ‘Install’.

 

 

Close the installation wizard.

 

 

Activation Windows Authentication in the IIS-Manager

Start the Server Manager and choose ‘Internet Information Services (IIS) Manager’ from the ‘Tools’ menu.

 

 

In the manager in the left area first select the node with the server name, then ‘Sites’ and finally ‘lexiCan Web’. Then double-click on ‘Authentication’ in the middle area of the window.

 

 

In the list of authentication methods, select ‘Anonymous Authentication’ and disable it.

 

 

The Internet Information Services do not allow a mix of authentication methods. This means that after Windows Authentication is activated, authentication is only possible within the corresponding network (Intranet).

 

Specific settings for the browsers Firefox and MS Edge

All web browsers supported by +WEB allow automatic authentication (single sign-on) except Firefox. Firefox queries the user's access data for the respective network separately.

 

The language within the following images is German. We ask for your understanding.

 

 

This can be overcome by enabling the URL address used in each case in the Firefox configuration (about:config).

 

 

If MS Edge also requests login data, you can solve this via the Internet options of the respective computer.

 

Open the ‘Control Panel’ and click on ‘Internet Options’.

 

 

In the following dialogue window, select the tab ‘Security’ and then ‘Local Intranet’. Click on ‘Sites’.

 

 

In the next dialogue box click on ‘Extended’.

 

 

Enter the name or IP address of the server you are using, click ‘Add’ and then ‘Close’.

 

 

Accept all changes and exit the process.