Menu

Search

GlobalSCAPE Knowledge Base


Active Directory as Authentication Source and Role Provider on EFT Web Admin


kmarsh
EFT Express (SMB) & Enterprise

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT Web Admin, v3.6 and later

DISCUSSION

  1. Make a backup of EFT Web Admin application files (e.g. C:\Program Files (x86)\Globalscape\EFT WebAdmin\webapps\).
  2. Open a Command prompt with Elevated permissions and Unencrypt your web.config connection strings section.
  3. C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pdf "connectionStrings" "C:\Program Files (x86)\Globalscape\EFT WebAdmin\webapps\EFTWebAdmin"

  4. Open your Web.config (e.g. C:\Program Files (x86)\Globalscape\EFT WebAdmin\webapps\EFTWebAdmin\web.config).
  5. Go to connection strings section and change your ADAuthConnectionString connection string. Change your default value from this $(ReplacableToken_ADAuthConnectionString-Web.config Connection String_0) to your LDAP/AD server Your connection string should look like:
  6. <connectionStrings >
    <add name="EFTWebAdmin" connectionString="Data Source=[SQLSERVERHOST]\[INSTANCE];Initial Catalog=[EFTWEBADMIN_DATABASE];User ID =[SQL_SERVER_USER];Password=[SQL_SERVER_PASSWORD] "/>
    <add name=" ADAuthConnectionString" connectionString="[LDAP_QUERY_PATH]" />
    </connectionStrings>

  7. Go to connection string section and change your ADRPConnectionString conncetion string. Change your default value from this $(ReplacableToken_ADRPConnectionString-Web.config Connection String_0) to your LDAP/AD server Your connection string should look like:
  8. <connectionStrings >
    <add name="EFTWebAdmin" connectionString="Data Source=[SQLSERVERHOST]\[INSTANCE];Initial Catalog=[EFTWEBADMIN_DATABASE];User ID =[SQL_SERVER_USER];Password=[SQL_SERVER_PASSWORD] "/>
    <add name="ADAuthConnectionString" connectionString="LDAP://dc.demo.vm/CN=Users,DC=demo,DC=vm" />
    <add name="ADRPConnectionString" connectionString="LDAP://DC=demo,DC=vm" />
    </connectionStrings>

    [LDAP_SERVER_LESSQUERY_PATH]: replace with your own LDAP query. For example
    LDAP://DC=demo,DC=vm

    NOTE: LDAP Server-less format is not supported.

  9. Use the following membership section:
  10. <membership defaultProvider="ADMembershipProvider">
    <providers>
    <clear />
    <add name="ADMembershipProvider"
    connectionStringName="ADAuthConnectionString"
    applicationName="EFTWebAdmin"
    connectionUsername="demo\username"
    connectionPassword="password"
    attributeMapUsername="sAMAccountName"
    enableSearchMethods="true"<
    type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />

    </providers>
    </membership>

  11. Use the following Role manager section:
  12. <roleManager enabled="true" defaultProvider="ADRoleProvider">
    <providers>
    <clear/>
    <add name="ADRoleProvider"
    applicationName="EFTWebAdmin"
    type="Globalscape.EFT.Web.Providers.AdRoleProvider"
    connectionStringName="ADRPConnectionString"
    groupMode="Additive"
    enableSqlCache="True"
    sqlConnectionString="EFTWebAdmin"
    cacheTimeInMinutes ="5"
    groupsToUse="EFTWebAdminUser,EFTWebAdminSuperUser,EFTAdmins"
    groupsToIgnore="Senior Management"
    usersToIgnore="asmith, ksose"/> </providers>
    </roleManager>

  13. Make sure at least one account is allowed in the admin Settings for the EFT Web Admin.
  14. <location path="Admin" allowOverride="true">
    <system.web>
    <authorization>
    <allow roles ="EFTWebAdminSuperUser"/>
    <allow roles="ServerManagement"/>
    <allow roles="Administrators"/>
    <deny users="*"/>
    </authorization>
    </system.web>
    </location>

  15. Save Web.config.
  16. Encrypt your Web.config connection section again:
  17. C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pef "connectionStrings" "C:\Program Files (x86)\Globalscape\EFT WebAdmin\webapps\EFTWebAdmin"

  18. If you wish to encrypt your membership provider due to adding passwords to your AD, you can encrypt this section too by using:


Also In This Category


On a scale of 1-5, please rate the helpfulness of this article


Not Helpful
Very Helpful
Optionally provide private feedback to help us improve this article...

Thank you for your feedback!


Comments require login or registration.

Details
Last Modified: 3 Years Ago
Last Modified By: kmarsh
Type: HOWTO
Article not rated yet.
Article has been viewed 9.4K times.
Options
Find Similar