Configuring Web Applications - Legacy Authentication Methods - Foundation 23.1 - Foundation 23.1 - Ready - OnBase - Essential - Premier - Standard - external - Standard - Essential - Premier

Legacy Authentication Methods

Platform
OnBase
Product
Legacy Authentication Methods
Release
Foundation 23.1
License
Standard
Essential
Premier

A web application is any OnBase module installed to IIS that presents a web-based interface to the user. This includes, but is not limited to, modules such as the OnBase Web Server, DeficiencyPop, and the OnBase Patient Window.

If a module requires the OnBase Application Server to connect to OnBase but is not installed to IIS, that module does not require additional configuration as long as the Application Server is configured correctly (see Configuring the Application Server). This includes modules like the OnBase Unity Client.

Several OnBase modules can be optimized for non-interactive Active Directory authentication using the Optimize for Windows Authentication tool in the Web Application Management Console.

Note:

Before configuring any OnBase web applications, ensure that the identity running the application pool for the module is registered as the SPN. See Registering a Service Principal Name (SPN) and Configuring Delegation in Microsoft Windows.

To use the Optimize for Windows Authentication tool and configure a web application:

  1. Launch the Web Application Management Console.
    Tip:

    For complete details on installing and using the Web Application Management Console, see the Web Application Management Console module reference guide.

  2. Click Open Web Application in the upper left of the window.
  3. Select the module from the Select the web application to configure list. The configuration for that module is loaded into the Web Application Management Console.
    Note:

    If the OnBase module you are configuring is not in the list, it cannot be optimized using the Web Application Management Console. You may need to manually change the settings described in the remainder of this procedure.

    1. Click Tools | Optimize for Windows Authentication.
    2. Click Yes in the confirmation dialog that is displayed.
  4. Save the configuration and close the Web Application Management Console.
  5. In Microsoft Windows, launch the Internet Information Services (IIS) Manager with elevated administrator privileges.
    Note:

    IIS is a Microsoft product. Complete details on using IIS and the IIS Manager can be found in the documentation available from Microsoft.

  6. In the Sites area, confirm that the following settings for the web application of the OnBase module are configured correctly.

    Setting

    Configuration

    IIS | Authentication | Anonymous Authentication

    Set to Enabled.

    Note:

    For some OnBase modules this setting may need to be set to Disabled. However, this is not the preferred configuration because setting it to Disabled may cause performance issues.

    IIS | Authentication | ASP.NET Impersonation

    Set to Enabled.

    Note:

    Additionally, the Impersonation setting must be set to Authenticated User.

    IIS | Authentication | Windows Authentication

    Set to Enabled.

    Note:

    Additionally, Negotiate must be at the top of the list of providers. To access the providers list, right click Windows Authentication and select Providers.

  7. Under Management, launch the Configuration Editor for the web application of the OnBase module.
  8. From the Section drop-down list, navigate to the system.webServer/security/authentication/windowsAuthentication path.
  9. Set the value of useAppPoolCredentials to True.
  10. In the Application Pools area, confirm that the following setting for the application pool of the web application is configured correctly.

    Setting

    Configuration

    Process Model | Identity

    The domain account you registered the SPN to (see Registering a Service Principal Name (SPN) and Configuring Delegation in Microsoft Windows).

  11. Recycle the application pool of the OnBase module for the changes to take effect.
  12. Repeat this process for each OnBase web application in your environment.
    Tip:

    To configure the OnBase Application Server, see Configuring the Application Server.