
Where does CreateDomainAuthenticationProperties get the login information?

Stephen_Houston
Champ in-the-making

Hyland DLL version 16.0.0.20

We're using MVC and Windows Authentication.  When we call Application.CreateDomainAuthenticationProperties and connect using the returned variable, it returns with a 401 unauthorized. 

The credential being used is the AppPoolCredential, which for us is NetworkService.  I would expect it to use the currently logged in Windows user, but we can't figure out how to get those credentials to pass through.

Any guidance on authenticating in this fashion is greatly appreciated.

1 ACCEPTED ANSWER

Alex_French
Elite Collaborator

Stephen,

In the IIS Manager GUI, find your app and view the "Authentication" pane.

Right-click on "ASP.NET Impersonation" and "Enable".

Right-click on "ASP.NET Impersonation" again and "Edit"... and in the "Edit ASP.NET Impersonation Settings" dialog make sure "Authenticated User" is selected.

If "ASP.NET Impersonation" is not in the list with [Anonymous Authentication, Basic Authentication, Forms Authentication, and Windows Authentication] in the Authentication pane, you may need to install or enable a Role Service.  Glancing at one of our IIS servers I don't think there is a separate Role Service that you don't already have if you're running an MVC application and using Windows Auth.

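The IIS Manager steps in the accepted answer correspond to the following web.config settings for the MVC application. This fragment is an added example, not part of the original answer; it assumes an Integrated-pipeline application pool and that Windows Authentication is already enabled for the app in IIS.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- web.config of the MVC application (added example, not from the thread) -->
<configuration>
  <system.web>
    <!-- ASP.NET takes the caller's identity from IIS Windows Authentication. -->
    <authentication mode="Windows" />

    <!-- Equivalent of enabling "ASP.NET Impersonation" with "Authenticated User"
         selected: no userName/password attributes are set, so each request
         runs as the authenticated caller rather than as the application pool
         identity (NetworkService in the question). -->
    <identity impersonate="true" />
  </system.web>

  <system.webServer>
    <!-- Assumption: Integrated pipeline. In that mode IIS rejects
         impersonate="true" with HTTP 500.24 unless this validation is turned
         off (the alternative is a Classic-mode application pool). -->
    <validation validateIntegratedModeConfiguration="false" />
  </system.webServer>

  <!-- Not set here: Anonymous Authentication must be disabled in the
       Authentication pane. If it stays enabled, requests arrive without a
       Windows user and the impersonated identity is the anonymous account,
       not the logged-in user. -->
</configuration>
```

Impersonation makes every request thread act with the caller's rights on the web server, so file and registry ACLs that the application depends on must allow those users, not just the pool identity.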

4 REPLIES

I should add: if your MVC IIS application is not running on the same server as the AppServer IIS application, then there's a whole different set of things you might need to do to solve the "double hop" problem (easily googleable, solvable, but not easy to solve as far as I know).

So if I'm interpreting your double hop comment correctly, the MVC app needs to reside on the same IIS instance as your OnBase AppServer for Domain Authentication to work in that scenario?

@Brian- that is definitely the easy option!

I think there are other options that involve Domain-level configuration of trust between specific machines, and maybe other options using Kerberos in the NTLM auth between the MVC app and the AppServer instance- but I haven't fully implemented those. Same IIS instance just works.