What changes are required to Enable Windows Authentication on load balancer ?
I have two servers for the production website (HTTPS) on which I need to enable windows authentication.
Which places do I need to change and what changes to be done ?
Thanks in advance.
You just need to enable the windows authentication on all the servers and disable the anonymous authentication.
Make sure the authentication setting on all the servers is the same.
Related
I am currently running:
Windows Server 2016
SQL Server 2016
IIS
Cognos Analytics 11.1.7
SSO
SSL
MS Active Directory
This is a single-server install, so the content manager, dispatcher, and gateway are all on one Windows machine. On the ibmcognos application in IIS, Windows Authentication is enabled and Anonymous Authentication is disabled. In Cognos Configuration, "Allow anonymous access?" is set to False.
I want to make my Cognos offering available on the Internet. So I'm thinking I need "Allow anonymous access?" set to True and Anonymous Authentication is enabled. But I'm sure it's more complicated than that.
Here's what I'm thinking:
Add a Windows Server with IIS to my environment.
Install Cognos gateway on the new server.
Configure IIS for Cognos and allow anonymous authentication.
Configure Cognos (gateway) to point to my existing system.
Change "Allow anonymous access?" (on my existing system) to True.
For testing, can this all live on one server?
Install Cognos gateway into a separate folder.
Add a web site to the IIS web server.
Configure the new web site to use the new gateway and anonymous authentication.
Is that it? Is it that simple?
I know I'll need to adjust folder permissions in Team Content as appropriate to accommodate Everyone and still provide security.
I know there are risks concerning potential workloads on the Cognos server when I allow the entire planet access to it.
This turned out to be simpler. No additional install is needed. All that is needed is to change "Allow anonymous access?" to True on my initial configuration and allow Anonymous Authentication in IIS. Then all users get access to the objects that Everyone can see. To get access to internal-only content, they must click on the Personal menu and select Sign in. Not tested, but anyone not already authenticated in the Active Directory domain should get challenged for credentials.
Using this tutorial to connect to azure ad directory and wanted to know if it was necessary to use ssl?
Yes, all authentication endpoints should be HTTPS
In general, you should always secure any API or web site with TLS (in this case, using HTTPS). It is increasingly easy to obtain and use certificates.
For development scenarios, you may use an HTTP reply URL only if the host is localhost.
During development the team prefer to develop against a local database and local IIS Express web server.
We tried to configure an address of http://localhost:<port>/ in the Azure AD B2C application configuration as a return URI, but this isn't permitted (technically it should work, although I can see why it isn't permitted). So at the moment, when anyone signs in, it returns them to the test server URL.
We'd like to be returned to our local development server instance. Is there any way that people know of to achieve this?
You can use localhost, but make sure to use https:
https://localhost:<port>
See also this answer: DNS URLs in Azure AD B2C don't work
Just a self signed certificate is enough to make this work. We use this a lot (together with B2C) for our development machines.
I'm developing some web site that run on IIS 7 and can connect to SQL server via php. The problem is I think its not safe because everyone that know my public IP address can freely access my site (the site is not for public, but I need it to be accessible to some people). How can I add security to this website of mine?
I have search for some type of security like authentication in IIS, but I don't know what should be used. Can I just add id and password like when we try to open page for configure router (192.168.0.1) .
You can easily disable anonymous authentication and enable basic authentication in IIS 7 using IIS manager.
Here is a Technet link and an SO post with details:
Is it a standalone server or do you run the IIS server on a desktop?
If your the only one who should access your site you could also use Intergrated windows authentication (IWA). IWA is a feature of the IIS Server, so if you wan't to use is you should enable it first.
Webdeploy is very convenient from Visual Studio 2010. Today I am using it to publish my project via a remote deploy agent (http://x.x.x.x/MsDeployAgentService) to a production web server facing Internet.
Although administrator password is required, is it a good practice to leave http://x.x.x.x/MsDeployAgentService accessible to everyone or should I care more about the security of this subpath so that it cannot be accessed from Internet?
If I need to allow deployment only from certain internal URLs, how do I secure the deployment agent service?
It seems pretty secure as a few shared hosts are using it for their clients.
Security note
Set it up so that you are using IIS managers and not Windows Logins.
There is an implicit restriction on what IIS managers can do, rather than Windows, and passing out Windows logins means access via RDP to the server (usually)