Forms Authentication

In this security model, WebMap looks after users and group assignments and controls which maps are accessible by these users and groups.

  1. In IIS, find your website within the Sites tree and open Authentication. Set Anonymous Authentication to Enabled and ensure Forms Authentication is enabled as well. Disable ASP.NET authentication.
  2. Open web.config in a suitable text editor. (You can find this config file in your WebMap installation folder.)
  3. Add this line to the appSettings section (if this line is already present, ensure it has been uncommented):
    <add key="owin:appStartup" value="Forms"/>
  4. Comment out all other entries that start with:
<add key="owin:
  5. Locate the following section:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" timeout="3000" />
</authentication>

and replace it with:

<authentication mode="Forms">
<forms loginUrl="Login.aspx" protection="All" defaultUrl="Map.aspx" path="/" timeout="3000" />
</authentication>
<authorization>
<deny users="?" />
</authorization>

This sets Forms Authentication for the whole site (both the map and the admin page).

  6. Modify the following section to suit security needs:
<identityConfig
ConnectionString="ConfigurationDatabase"
RequiredLength="5"
RequireNonLetterOrDigit="true"
RequireDigit="true"
RequireLowercase="true"
RequireUppercase="true"
MaxFailedAccessAttemptsBeforeLockout="5"
AllowOnlyAlphanumericUserNames="false"
RequireUniqueEmail="true"
LoginUrl="/login.aspx"/>
ConnectionString - name of the connection string for the security database
RequiredLength - minimum length for a user's password
RequireNonLetterOrDigit - password must contain at least one character that is neither a letter nor a digit
RequireDigit - password must contain a digit (0-9)
RequireLowercase - password must contain at least 1 lower case letter
RequireUppercase - password must contain at least 1 upper case character
MaxFailedAccessAttemptsBeforeLockout - maximum number of failed login attempts before the account is locked
AllowOnlyAlphanumericUserNames - only alphanumeric characters are allowed in the user name
RequireUniqueEmail - requires the users' email addresses to be unique
LoginUrl - the URL of the login page; this should never need modifying

In the section below the comment:

<!-- This section is used to streamline authentication to the folders listed here. 
Some browsers were slow in authenticating access to these folders. It is recommended that you do not change this section. -->

You will find a number of <location path="***"> tags; these control permissions for the sections of the site given in quotes. Edit the authorization to read:

<allow users="*" />
<allow users="?" />

Make this change to each of the following <location path="***"> tags:

img
mobile/img
login.aspx
mobile/login.aspx
Proxy.axd
getmap.axd
css
mobile/css
script
mobile/script

Note: * means all users, both authenticated and unauthenticated; ? means anonymous users. Use these values to allow or deny access to pages.

Now set up your users (Security > Create User) and enable the maps they can access (Security > Manage User Permissions).
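
As an added example (not part of the WebMap documentation or product), this Python check parses a web.config and reports where it departs from the steps above: Forms mode, protection="All", the site-wide deny for anonymous users, a single active owin:appStartup entry, and no anonymous access outside the ten listed paths. The sample config and the "example-extra" path are constructed, and the check assumes authorization rules use only the users attribute.

```python
import xml.etree.ElementTree as ET

# Paths the page opens to anonymous users, lower-cased for comparison.
EXPECTED_ANON = {"img", "mobile/img", "login.aspx", "mobile/login.aspx", "proxy.axd",
                 "getmap.axd", "css", "mobile/css", "script", "mobile/script"}

def anon_allowed(system_web):
    """True/False from the first rule that matches anonymous users, None if none does."""
    rules = system_web.findall("authorization/*") if system_web is not None else []
    for rule in rules:
        users = {u.strip() for u in rule.get("users", "").split(",")}
        if users & {"*", "?"}:  # URL authorization stops at the first matching rule
            return rule.tag == "allow"
    return None

def audit(xml_text):
    root = ET.fromstring(xml_text)  # commented-out entries are dropped by the parser
    findings = []
    if root.find("system.web/authentication[@mode='Forms']") is None:
        findings.append("authentication mode is not Forms")
    forms = root.find("system.web/authentication/forms")
    if forms is not None and forms.get("protection", "All") != "All":
        findings.append('forms protection is not "All"')
    if anon_allowed(root.find("system.web")) is not False:
        findings.append('site root lacks <deny users="?" />')
    owin = [(a.get("key"), a.get("value")) for a in root.findall("appSettings/add")
            if a.get("key", "").startswith("owin:")]
    if owin != [("owin:appStartup", "Forms")]:
        findings.append(f"unexpected active owin: entries: {owin}")
    for loc in root.findall("location"):
        path = loc.get("path", "")
        if anon_allowed(loc.find("system.web")) and path.lower() not in EXPECTED_ANON:
            findings.append(f"location '{path}' is open to anonymous users")
    return findings

# Constructed sample, not a real WebMap web.config; "example-extra" is a placeholder path.
SAMPLE = """<configuration>
  <appSettings><add key="owin:appStartup" value="Forms"/></appSettings>
  <system.web>
    <authentication mode="Forms"><forms loginUrl="Login.aspx" protection="All" /></authentication>
    <authorization><deny users="?" /></authorization>
  </system.web>
  <location path="img"><system.web><authorization><allow users="*" /></authorization></system.web></location>
  <location path="example-extra"><system.web><authorization><allow users="?" /></authorization></system.web></location>
</configuration>"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

An empty result means the file matches the steps; each finding names the setting to revisit.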