Manual configuration of authentication mode
This section explains how to switch authentication mode in HTTP Commander and
how to verify the current configuration.
There are two distributions of HTTP Commander available for download on the Element-It web site: Forms and Windows.
They are preconfigured for the two primary authentication modes supported by the application: Forms and Windows, respectively.
HTTP Commander also supports Forms with Windows users, Novell EDirectory, Shibboleth and Auth0 authentication modes,
which are selected less frequently than the two primary modes.
The installation section of this manual covers the specific authentication mode
you've selected to download, either Windows or Forms.
See the top of this page to view the version of the distribution which is installed.
You can always switch to any other supported authentication mode
with some amount of manual labor. You can do this irrespective of which distribution you've installed.
The difference between the two distributions of HTTP Commander is in the content of
the configuration files (Web.config and HttpCommanderSettings.config) and manual.
Configuration files contain the default settings for the selected authentication mode
so you do not need to enter the settings manually.
The manual provided in the Forms version of distribution is missing sections specific to Windows authentication mode of HTTP Commander
and the manual of the Windows version of distribution is missing sections specific to Forms authentication mode
(for users' convenience, of course).
This section explains how to update configuration files for your specific authentication mode.
If you need to change the authentication mode, you do not need to download a new distribution of HTTP Commander, just update the configuration files.
In addition, updating the configuration files manually preserves all your settings
which would be lost should you install HTTP Commander from scratch.
The Novell EDirectory, Shibboleth and Auth0 authentication modes of HTTP Commander are best documented in
the Forms version of the manual.
For the Forms with Windows users authentication mode of HTTP Commander we recommend that you obtain
both versions of the manual, since neither of them contains complete documentation
for this mixed mode.
To decide which authentication mode of HTTP Commander you need, consider the following
characteristics.
-
Account database — what accounts should be used for authentication to
HTTP Commander.
In Windows and Forms with Windows users authentication modes the application uses
windows accounts. That may be domain (web server must be joined to domain) or local accounts.
In Forms authentication mode HTTP Commander maintains custom account database in an xml file.
In Novell EDirectory mode the application authenticates against EDirectory.
In Shibboleth mode, the account database is managed by the Shibboleth identity provider,
HTTP Commander merely extracts the name of the current authenticated user.
In Auth0 mode, the account database is stored and managed in Auth0 platform
-
Impersonation, what identity is used to perform user requests.
This characteristic determines if you are able to use NTFS permissions
to restrict access to the file system. When all requests are processed under the
same user identity, NTFS permissions cannot be used to assign different level
of access to different users of HTTP Commander.
On the contrary, when the application impersonates users and performs each request
under that user identity, the application can then leverage NTFS permissions.
In Windows and Forms with Windows users authentication modes, HTTP Commander
processes requests under the identity of the logged in user.
In other authentication modes, the application performs under the application pool identity
— one identity for all users.
More details about Shibboleth integration,
Novell EDirectory integration,
Auth0 integration.
Warning Forms with Windows users authentication mode works unreliably on
Windows Server 2003 and Windows Server 2003 R2. The problem is that the authenticated
user sometimes is not impersonated, hence requests are processed under the anonymous
user identity. Users will experience sporadic "access denied" errors in HTTP Commander.
The following instructions assume that you've completed installation procedure described in the
Application install section of this manual.
-
If you wish to perform a new installation with either Forms or Windows authentication mode,
we recommend that you download the corresponding distribution on the Element-It web site.
Then follow the installation instructions detailed in the Application install section of the manual,
and
then review the following steps to ensure that application was configured correctly.
-
If you've already installed and configured HTTP Commander and now want to change authentication mode,
then follow the instructions below.
You may need to download a different version of the manual.
-
If you have performed a new installation of HTTP Commander and selected one of the authentication modes
that does not have preconfigured distribution, you should first install the Windows or Forms
version as described in the Application install section of the manual,
then follow the steps below to switch the authentication type.
Configuration steps
-
Authentication in IIS Manager
-
Windows Server 2003 and Windows Server 2003 R2
- In the IIS console right-click the "HTCOMNET" folder and select "Properties" in the context menu.
- In the HTCOMNET properties dialog box, open "Directory Security" tab, click the "Edit.." button.
- Select the options according to table below.
| HTTP Commander AuthMode |
IIS authentication1 |
| Forms, Forms with Windows Users, Novell EDirectory, Auth0 |
Anonymous access
Screenshot
|
| Windows |
Basic Authentication or Windows Authentication2
Screenshot
|
| Shibboleth |
According to Shibboleth Service provider configuration manual. |
-
Windows Servers 2008, 2008 R2, 2012, 2012 R2, 2016
- In the IIS manager, select HTCOMNET node and click "Authentication" in the right tab.
- Select the options according to the table below.
| HTTP Commander AuthMode |
IIS authentication1 |
| Forms, Novell EDirectory, Auth0 |
Anonymous Authentication and Forms Authentication
Screenshot
|
| Forms with Windows Users |
Anonymous Authentication, ASP.NET Impersonation and Forms Authentication
Screenshot
|
| Windows |
Basic Authentication or Windows Authentication2 and ASP.NET Impersonation
Screenshot
|
| Shibboleth |
According to Shibboleth Service provider configuration manual. |
-
Web.config settings
Ensure that the following settings are present in web.config file.
Note:
All elements may contain additional attributes or sub-elements not
shown on the listing. For example, Forms elements often contains a timeout attribute.
-
AuthMode: Forms, Novell EDirectory
<configuration>
<system.web>
<identity impersonate="false" />
<authentication mode="Forms">
<forms loginUrl="Default.aspx" defaultUrl="Default.aspx"/>
</authentication>
</system.web>
</configuration>
-
AuthMode: Forms with Windows Users
<configuration>
<system.web>
<identity impersonate="true" />
<authentication mode="Forms">
<forms loginUrl="Default.aspx" defaultUrl="Default.aspx"/>
</authentication>
<httpModules>
<add name="FormsWithWindowsUsersAuthModule" type="HttpCommander.FormsWithWindowsUsersAuthModule, HttpCommander" />
</httpModules>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<add name="FormsWithWindowsUsersAuthModule" type="HttpCommander.FormsWithWindowsUsersAuthModule, HttpCommander" preCondition="integratedMode" />
</modules>
</system.webServer>
</configuration>
-
AuthMode: Windows
<configuration>
<system.web>
<identity impersonate="true" />
<authentication mode="Windows">
</authentication>
</system.web>
</configuration>
-
AuthMode: Auth0
<configuration>
<configSections>
<section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</configSections>
<system.web>
<identity impersonate="false" />
<authentication mode="Forms">
<forms loginUrl="Default.aspx" defaultUrl="Default.aspx"/>
</authentication>
<httpModules>
<add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</httpModules>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</modules>
</system.webServer>
<microsoft.identityModel>
<service>
<securityTokenHandlers>
<remove type="Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
<add type="Auth0.AspNet.MachineKeySessionSecurityTokenHandler, Auth0.AspNet" />
</securityTokenHandlers>
</service>
</microsoft.identityModel>
</configuration>
See Auth0 integration.
-
AuthMode: Shibboleth
<configuration>
<system.web>
<httpModules>
<add name="ShibbolethAuthenticationModule" type="HttpCommander.ShibbolethAuthenticationModule, HttpCommander" />
</httpModules>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<add name="ShibbolethAuthenticationModule" type="HttpCommander.ShibbolethAuthenticationModule, HttpCommander" preCondition="integratedMode" />
</modules>
</system.webServer>
</configuration>
Please, consult the Shibboleth Service Provider configuration manual for other settings
that must be present in Web.config file.
-
HttpCommanderSettings.config
The settings in HttpCommanderSettings.config file specify HTTP Commander authentication mode.
Ensure that all settings have the values specified in the table below.
Mapping HTTP Commander authentication mode to HTTP Commander settings
| AuthMode |
HTTP Commander setting |
| Windows |
Main/Version="ad"
Main/WindowsUsersWithFormAuth="false"
NovellEDirectory/EDirectory="false"
Shibboleth/EnableShibbolethAuthentication="false"
Auth0/EnableAuth0="false"
|
| Forms |
Main/Version="st"
Main/WindowsUsersWithFormAuth="false"
NovellEDirectory/EDirectory="false"
Shibboleth/EnableShibbolethAuthentication="false"
Auth0/EnableAuth0="false"
|
| Forms for Windows users |
Main/Version="st"
Main/WindowsUsersWithFormAuth="true"
NovellEDirectory/EDirectory="false"
Shibboleth/EnableShibbolethAuthentication="false"
Auth0/EnableAuth0="false"
|
| Novell EDirectory |
Main/Version="st"
Main/WindowsUsersWithFormAuth="false"
NovellEDirectory/EDirectory="true"
Shibboleth/EnableShibbolethAuthentication="false"
Auth0/EnableAuth0="false"
|
| Shibboleth |
Main/Version="st"
Main/WindowsUsersWithFormAuth="false"
NovellEDirectory/EDirectory="false"
Shibboleth/EnableShibbolethAuthentication="true"
Auth0/EnableAuth0="false"
|
| Auth0 |
Main/Version="st"
Main/WindowsUsersWithFormAuth="false"
NovellEDirectory/EDirectory="false"
Shibboleth/EnableShibbolethAuthentication="false"
Auth0/EnableAuth0="true"
and also not empty all Auth0 parameters
|
- Configure NTFS permissions
-
For Windows authentication mode only
Configure the Force Logout function.
-
For Forms authentication mode only
Ensure that the Data\Accounts.xml file is present.
If not, copy this file from the Forms distribution of HTTP Commander.
-
Authentication mode specific details
Note 1 The IIS authentication column specifies authentication items that should be enabled in IIS,
all other authentication items should be disabled.
Note 2 See Windows vs Basic authentication.
Web file manager
Free Installation assistance
Manual Home page
