1. Home / Version 8.0 Documentation and Guides / infoRouter NT Authentication Implementation Guide

infoRouter NT Authentication Implementation Guide

Implementing pure NT Authentication


This document is intended for cases where an NT domain is being used to authenticate users.

The infoRouter server must be a part of the NT domain. It should not be set up as a stand-alone server.

To switch an infoRouter instance to support NT authentication, perform the following:

IIS Settings


Open IIS Manager

Click and expand the "Sites" node

Click on the infoRouter application

Open the "Authentication" feature.

Make sure the settings are as follows:

  • Anonymous Authentication Disabled
  • ASP.NET Impersonation Disabled
  • Basic Authentication Disabled
  • Forms Authentication Disabled
  • Windows Authentication Enabled

Only "windows authentication" must be enabled. Other authentication types must be disabled.


implementing pure nt authentication IIS settings

infoRouter Web.config settings


Using Windows file explorer:

Navigate to the site directory under the infoRouter application directory

C:\inforouter\site

or

D:\inforouter\site

Edit the "web.config" file using Notepad

Add the authorization section as shown below:

 <configuration>
...
 <system.web>
...
 <authorization>
 <allow users="?" />
 </authorization>
 <authentication mode="Windows" />
...
 </system.web>
...
 <configuration>

Save the changes and close notepad.

Site directory security settings


Make sure the site directory has read and execute rights for all the users that need to access to the infoRouter application.

Use a group instead of individual users, such as

  • Domain users
  • Authenticated users

The SYSADMIN account


Using infoRouter in this mode requires that all users be authenticated from NT. This includes the infoRouter SYSADMIN account. You must either create an account called "SYSADMIN" as an NT Domain account or rename the infoRouter SYSADMIN account to another user name that matches an NT account name.

Other considerations


Running infoRouter in a pure NT Authentication mode has limitations.

Users from only a single domain can be authenticated. You cannot have users from different domains access the same instance of infoRouter.

In pure NT Authentication mode, you may not use "Mixed" Authentication. All users must be members of the same domain and infoRouter authentication is no longer possible.

You may set up a second instance of infoRouter and implement a different authentication method to support mixed authentication mode. This will be subject to additional licensing.