Forms Authentication
In this security model, Web Map Layers looks after users and group assignments and controls which maps are accessible by these users and groups.
1. In IIS, find your website within the Sites tree and open Authentication. Set Anonymous Authentication to Enabled. Ensure Forms Authentication is enabled as well. Disable ASP.NET authentication.
2. Open the web.config file (from C:\inetpub\wwwroot\WebMapLayers8) and add this line to the appSettings section (if this line is already present, ensure it has been uncommented):
<add key="owin:appStartup" value="Forms"/>
3. Comment out all other entries that start with:
<add key="owin:
4. Locate the following section:
<authentication mode="Forms">
  <forms loginUrl="Login.aspx" timeout="3000" />
</authentication>
and replace it with:
<authentication mode="Forms">
  <forms loginUrl="Login.aspx" protection="All" defaultUrl="Map.aspx" path="/" timeout="3000" />
</authentication>
<authorization>
  <deny users="?" />
</authorization>
This will set Forms Authentication for the whole site (both the map and the admin page).
5. Modify the following section to suit security needs:
<identityConfig ConnectionString="ConfigurationDatabase"
    RequiredLength="5"
    RequireNonLetterOrDigit="true"
    RequireDigit="true"
    RequireLowercase="true"
    RequireUppercase="true"
    MaxFailedAccessAttemptsBeforeLockout="5"
    AllowOnlyAlphanumericUserNames="false"
    RequireUniqueEmail="true"
    LoginUrl="/login.aspx" />
ConnectionString - name of the connection string for the security database
RequiredLength - minimum length for a user's password
RequireNonLetterOrDigit - password must contain a character that is not a letter or digit
RequireDigit - password must contain a digit (0-9)
RequireLowercase - password must contain at least 1 lower case letter
RequireUppercase - password must contain at least 1 upper case character
MaxFailedAccessAttemptsBeforeLockout - maximum number of failed login attempts before the account is locked
AllowOnlyAlphanumericUserNames - whether only alphanumeric characters are allowed in the user name
RequireUniqueEmail - requires the users' email addresses to be unique
LoginUrl - the URL of the login page; this should never need modifying
6. In the section below the comment:
<!-- This section is used to streamline authentication to the folders listed here. Some browsers were slow in authenticating access to these folders. It is recommended that you do not change this section. -->
You will find a number of <location path="***"> tags; these control permissions for the sections of the site given in quotes. Edit the authorization to read:
<allow users="*" />
<allow users="?" />
Make this change to each of the following <location path="***"> tags:
• img
• mobile/img
• login.aspx
• mobile/login.aspx
• Proxy.axd
• getmap.axd
• css
• mobile/css
• script
• mobile/script
* means all users, both authenticated and unauthenticated; ? means anonymous users. These rules let you allow or deny access to pages.
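A check of the finished web.config against steps 4 and 6, as an added example that is not part of Web Map Layers or its documentation: it reports any location outside the step 6 list that anonymous users can reach, and any listed location they cannot. The names audit, anon_decision and sample are hypothetical, and the script assumes the configuration element carries no XML namespace and that each location tag holds its own authorization section.

```python
import xml.etree.ElementTree as ET

# Paths that step 6 opens to anonymous users (compared case-insensitively).
EXPECTED_ANON = {p.lower() for p in (
    "img", "mobile/img", "login.aspx", "mobile/login.aspx", "Proxy.axd",
    "getmap.axd", "css", "mobile/css", "script", "mobile/script")}

def anon_decision(auth):
    """First rule matching an anonymous user wins, as in ASP.NET URL authorization."""
    for rule in (auth if auth is not None else []):
        users = {u.strip() for u in rule.get("users", "").split(",")}
        if users & {"*", "?"}:
            return rule.tag  # "allow" or "deny"
    return None

def audit(xml_text):
    """List deviations from steps 4 and 6; a location's own rules beat site-wide ones."""
    root = ET.fromstring(xml_text)
    findings = []
    forms = root.find("system.web/authentication[@mode='Forms']/forms")
    if forms is None:
        findings.append("authentication mode is not Forms")
    elif forms.get("protection", "All") != "All":
        findings.append("forms protection is not All")
    site = anon_decision(root.find("system.web/authorization"))
    if site != "deny":
        findings.append('site-wide <deny users="?" /> is missing')
    seen = set()
    for loc in root.findall("location"):
        path = loc.get("path", "").lower()
        seen.add(path)
        allowed = (anon_decision(loc.find(".//authorization")) or site) == "allow"
        if allowed and path not in EXPECTED_ANON:
            findings.append(f"unexpected anonymous access: {path}")
        elif not allowed and path in EXPECTED_ANON:
            findings.append(f"anonymous access blocked: {path}")
    findings += [f"no <location> tag for: {p}" for p in sorted(EXPECTED_ANON - seen)]
    return findings

def sample(extra_path=None):
    """Constructed web.config for the demo, not the product's shipped file."""
    rules = '<system.web><authorization><allow users="*" /><allow users="?" /></authorization></system.web>'
    paths = sorted(EXPECTED_ANON) + ([extra_path] if extra_path else [])
    locs = "".join(f'<location path="{p}">{rules}</location>' for p in paths)
    core = ('<system.web><authentication mode="Forms"><forms loginUrl="Login.aspx" protection="All" />'
            '</authentication><authorization><deny users="?" /></authorization></system.web>')
    return f"<configuration>{core}{locs}</configuration>"

if __name__ == "__main__":
    print(audit(sample("Admin")))
```

To check a real file, pass its contents to audit(); an empty list means the anonymous-access rules match the ten paths listed above and nothing else.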
Now set up your users (Security > Create User in the Admin Interface) and enable the maps they can access (Security > Manage User Permissions).