Search

GlobalSCAPE Knowledge Base

Active Directory as Authentication Source and Role Provider on EFT Web Admin

Karla Marsh
EFT Express (SMB) & Enterprise

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT Web Admin, v3.6 and later

DISCUSSION

  1. Make a backup of EFT Web Admin application files (e.g. C:\Program Files (x86)\Globalscape\EFT WebAdmin\webapps\).
  2. Open a Command prompt with Elevated permissions and Unencrypt your web.config connection strings section.
  3. C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pdf "connectionStrings" "C:\Program Files (x86)\Globalscape\EFT WebAdmin\webapps\EFTWebAdmin"

  4. Open your Web.config (e.g. C:\Program Files (x86)\Globalscape\EFT WebAdmin\webapps\EFTWebAdmin\web.config).
  5. Go to connection strings section and change your ADAuthConnectionString connection string. Change your default value from this $(ReplacableToken_ADAuthConnectionString-Web.config Connection String_0) to your LDAP/AD server Your connection string should look like:
  6. <connectionStrings >
    <add name="EFTWebAdmin" connectionString="Data Source=[SQLSERVERHOST]\[INSTANCE];Initial Catalog=[EFTWEBADMIN_DATABASE];User ID =[SQL_SERVER_USER];Password=[SQL_SERVER_PASSWORD] "/>
    <add name=" ADAuthConnectionString" connectionString="[LDAP_QUERY_PATH]" />
    </connectionStrings>

  7. Go to connection string section and change your ADRPConnectionString conncetion string. Change your default value from this $(ReplacableToken_ADRPConnectionString-Web.config Connection String_0) to your LDAP/AD server Your connection string should look like:
  8. <connectionStrings >
    <add name="EFTWebAdmin" connectionString="Data Source=[SQLSERVERHOST]\[INSTANCE];Initial Catalog=[EFTWEBADMIN_DATABASE];User ID =[SQL_SERVER_USER];Password=[SQL_SERVER_PASSWORD] "/>
    <add name="ADAuthConnectionString" connectionString="LDAP://dc.demo.vm/CN=Users,DC=demo,DC=vm" />
    <add name="ADRPConnectionString" connectionString="LDAP://DC=demo,DC=vm" />
    </connectionStrings>

    [LDAP_SERVER_LESSQUERY_PATH]: replace with your own LDAP query. For example
    LDAP://DC=demo,DC=vm

    NOTE: LDAP Server-less format is not supported.

  9. Use the following membership section:
  10. <membership defaultProvider="ADMembershipProvider">
    <providers>
    <clear />
    <add name="ADMembershipProvider"
    connectionStringName="ADAuthConnectionString"
    applicationName="EFTWebAdmin"
    connectionUsername="demo\username"
    connectionPassword="password"
    attributeMapUsername="sAMAccountName"
    enableSearchMethods="true"<
    type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />

    </providers>
    </membership>

  11. Use the following Role manager section:
  12. <roleManager enabled="true" defaultProvider="ADRoleProvider">
    <providers>
    <clear/>
    <add name="ADRoleProvider"
    applicationName="EFTWebAdmin"
    type="Globalscape.EFT.Web.Providers.AdRoleProvider"
    connectionStringName="ADRPConnectionString"
    groupMode="Additive"
    enableSqlCache="True"
    sqlConnectionString="EFTWebAdmin"
    cacheTimeInMinutes ="5"
    groupsToUse="EFTWebAdminUser,EFTWebAdminSuperUser,EFTAdmins"
    groupsToIgnore="Senior Management"
    usersToIgnore="asmith, ksose"/> </providers>
    </roleManager>

  13. Make sure at least one account is allowed in the admin Settings for the EFT Web Admin.
  14. <location path="Admin" allowOverride="true">
    <system.web>
    <authorization>
    <allow roles ="EFTWebAdminSuperUser"/>
    <allow roles="ServerManagement"/>
    <allow roles="Administrators"/>
    <deny users="*"/>
    </authorization>
    </system.web>
    </location>

  15. Save Web.config.
  16. Encrypt your Web.config connection section again:
  17. C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pef "connectionStrings" "C:\Program Files (x86)\Globalscape\EFT WebAdmin\webapps\EFTWebAdmin"

  18. If you wish to encrypt your membership provider due to adding passwords to your AD, you can encrypt this section too by using:

Details
Last Modified: 3 Years Ago
Last Modified By: kmarsh
Type: HOWTO
Article not rated yet.
Article has been viewed 10K times.
Options
Also In This Category
Tags