In this security model, WebMap looks after users and group assignments and controls which maps are accessible by these users and groups.
- In IIS, find your website within the Sites tree and open Authentication. Now set Anonymous Authentication to Enabled. Ensure Forms are enabled as well. Disable ASP.NET authentication.
- Open web.config in a suitable text editor. (You can find this config file in your WebMap installation folder)
- Add this line to the appSettings : (if this line is already present, ensure it has been uncommented)
<add key="owin:appStartup" value="Forms"/>
- Comment out all other entries that start with:
- Locate the following section:
<authentication mode="Forms"> <forms loginUrl="Login.aspx" timeout="3000" /> </authentication>
and replace it with:
<forms loginUrl="Login.aspx" protection="All" defaultUrl="Map.aspx" path="/" timeout="3000" />
<deny users="?" />
This will set Forms Authentication for the whole site (both map and admin page)
- Modify the following section to suit security needs:
<identityConfigConnectionString="ConfigurationDatabase" RequiredLength="5" RequireNonLetterOrDigit="true" RequireDigit="true" RequireLowercase="true" RequireUppercase="true" MaxFailedAccessAttemptsBeforeLockout="5" AllowOnlyAlphanumericUserNames="false" RequireUniqueEmail="true" LoginUrl="/login.aspx"/>
ConnectionString - name of the connection string for the security database RequiredLength - minimum length for a users password RequireNonLetterOrDigit - password must contain a non-letter or digit RequireDigit - password must contain a digit (0-9) RequireLowercase - password must contain at least 1 lower case letter RequireUppercase - password must contain at least 1 upper case character MaxFailedAccessAttemptsBeforeLockout - maximum amount of failed login attempts before the account is locked AllowOnlyAlphanumericUserNames - characters are allowed in the user name RequireUniqueEmail - requires the users email addresses to be unique LoginUrl - The url to the login page – this should never need modifying
In the section below the comment:
<!-- This section is used to streamline authentication to the folders listed here. Some browsers were slow in authenticating access to these folders. It is recommended that you do not change this section. -->
You will find a number of <location path = “***”> tags; these control permissions for the sections of the site given in quotes. Edit the authorization to read:
<allow users="*" /> <allow users="?" />
Make this change to each of the following <location path = “***”> tags:
img mobile/img login.aspx mobile/login.aspx Proxy.axd getmap.axd css mobile/css script mobile/script
Note: * means All users, both authenticated and unauthenticated ? means anonymous. This allows you to allow/deny access to pages.