You can set up nService to authenticate users in one of three modes: nService Authentication, Active Directory Authentication and Windows Integrated Authentication.
|nService Authentication ||This mode validates all users against nService's user table. This is the default. It doesn't require any additional steps to set up. Users need to type in their user names and passwords to sign in to the protected area of the website. |
|Active Directory Authentication ||This mode validates domain users against Active Directory and validates nService users against nService's user table. Domain users are users who sign in with a user name in the format "domain\user_name". nService users are those who sign in without the "domain\" prefix. Once a domain user is validated, nService creates a shadow user account in nService's database with information from Active Directory. If the domain user already exists in nService, it updates the account. In this mode, users need to type in their user names and passwords to sign in to the protected area of the website. |
|Windows Integrated Authentication ||This mode doesn't validate users. Instead, it picks up the Windows account of the visiting user, retrieves his information from Active Directory and creates a shadow account in nService. If the account already exists in nService, it updates it. If the user is already logged into the network, he does not need to provide a user name and password to log in to nService; it is done automatically. If the user is a remote user, his browser pops up a logon dialog. |
Setting up Active Directory Authentication
To set up this mode, go to nService, Organizations, Directory and create some nService OUs (i.e. organizational units) to map to Active Directory OUs. Make sure you check the "Active Directory Authentication" checkbox and enter a domain name. Then go back to the Directory tree, select the OU, click Import, uncheck "Import immediate children" so that the entire subtree is imported, and click Import. nService will import the OU structure starting from the node defined by the LDAP path.
When a user signs in with a user name in the format "domain\user_name", nService extracts the domain, searches for OUs that have a matching domain name and are enabled for authentication, then attempts to log in to the Active Directory node specified in the LDAP path using the entered user name and password. If that is successful, nService lets the user in.
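The sign-in routing described above, as an added Python example (not nService's own code). `OrgUnit`, `split_login`, `authenticate`, the `bind` and `check_local` callbacks and the sample data are all assumptions made for illustration; the empty-password rejection and case-insensitive domain match are checks added here, not behaviour the page documents.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

@dataclass(frozen=True)
class OrgUnit:
    # Hypothetical stand-in for an nService OU record; field names are assumed.
    name: str
    domain: str
    ldap_path: str
    ad_auth_enabled: bool

# bind(ldap_path, user_name, password) -> True when the directory accepts the login.
BindFn = Callable[[str, str, str], bool]

def split_login(login: str) -> tuple[Optional[str], str]:
    """Return (domain, user); domain is None for a plain nService user name."""
    domain, sep, user = login.partition("\\")
    if not sep:
        return None, login
    return domain.strip(), user.strip()

def authenticate(login: str, password: str, ous: Iterable[OrgUnit],
                 bind: BindFn, check_local: Callable[[str, str], bool]) -> str:
    """Return 'local', 'domain' or 'denied' for one sign-in attempt."""
    domain, user = split_login(login)
    if domain is None:
        return "local" if check_local(user, password) else "denied"
    # Reject blank parts before touching LDAP: a simple bind with an empty
    # password can be accepted as an unauthenticated bind and look like success.
    if not domain or not user or not password:
        return "denied"
    for ou in ous:
        # Assumption: domain names are compared case-insensitively.
        if not ou.ad_auth_enabled or ou.domain.casefold() != domain.casefold():
            continue
        if bind(ou.ldap_path, login, password):
            return "domain"
    return "denied"

# Constructed sample data and stub back ends so the flow runs offline.
SAMPLE_OUS = [
    OrgUnit("Sales", "CORP", "LDAP://OU=Sales,DC=corp,DC=example", True),
    OrgUnit("Lab", "LAB", "LDAP://OU=Lab,DC=lab,DC=example", False),
]

def fake_bind(ldap_path: str, user_name: str, password: str) -> bool:
    # Mimics a server that accepts empty passwords as unauthenticated binds.
    return password in ("", "S3cret!")

def fake_local(user: str, password: str) -> bool:
    return (user, password) == ("admin", "local-pw")
```

In a real deployment the `bind` callback would wrap an LDAP bind against the OU's LDAP path; the stub here only makes the routing and the rejection cases observable.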
Setting up Windows Integrated Authentication
To set up Windows Authentication, follow the steps for setting up Active Directory Authentication. Then take the additional steps below.
Open up \Inetpub\nService4\web.config in Notepad, uncomment the authentication mode="Windows" tag, and comment out the authentication mode="Forms" tag and the location tags starting from the 5th one.
For IIS 7, run IIS Manager, select nService4, then select the Authentication icon in the IIS section. For IIS 6, run IIS Manager, select the nService4 application, then Properties, Directory Security, Edit Authentication and access control. Disable all authentication methods. Then enable Anonymous Authentication and Integrated Windows Authentication. You will get a 401.5 (401 5) error if the latter is not checked.
Common problems and fixes:
1. This article explains why browsers sometimes still prompt users for a user name and password: http://support.microsoft.com/kb/258063
2. This article explains why you may receive "HTTP Error 401.1": http://support.microsoft.com/kb/871179