[en] Setting Up Windows Authentication

[en] Snow License Manager 9

2022-02-15

[en] About this document

[en] This document specifies the setup of Windows Authentication for use within Snow License Manager. This functionality is not a Snow Software feature but rather an Internet Information Services (IIS) feature that can be configured and used in Snow License Manager.

[en] Setup

[en] Edit Snow License Manager configuration

[en] Start by editing the web.config file located in the folder C:\Program files\Snow Software\Snow License Manager\Web.

[en] Set the value for the following key:

  • [en] Activate Windows authentication:

    [en] UseWindowsAuthentication = true

Note

[en] When Snow License Manager (SLM) Web API is used for retrieving information from an SLM installation where Windows Authentication is enabled, an exception allowing anonymous requests must be made for the API in the SLM web configuration.

[en] Enable Windows Authentication in IIS

  1. [en] In IIS Manager, select the Snow License Manager site, and click Authentication.

  2. [en] Verify that Windows Authentication is enabled and that Anonymous Authentication is disabled.

  3. Note

    [en] The following task is only applicable when using the Snow License Manager Web API.

    [en] Select the server that hosts the Snow License Manager site, and then click Feature Delegation. Change the following delegations to READ/WRITE:

    • [en] Authentication - Anonymous 

    • [en] Authentication - Basic

    • [en] Authentication – Windows

  4. [en] Open an elevated command prompt and run the command iisreset.

    [en] This will restart the IIS, and force a reload of all settings and cache, applying the configuration changes made in the previous steps.

[en] Create users in Snow License Manager

[en] Create user accounts for the domain users that will be granted permission to use Snow License Manager.

[en] The users are created in Snow Management and Configuration Center (Start|All Programs|SnowSoftware|Snow License Manager|Snow Management and Configuration Center).

  1. [en] In the category menu, click Security.

  2. [en] Click New User.

  3. [en] On the User tab:

    1. [en] Type User name as ADDomain\Useraccount.

    2. [en] Type First name, Last name, and E-mail.

    3. [en] Select Organisation and Language.

    4. [en] Type a Password.

      [en] A password must be set, but since it will never be used for authentication it can be set to anything.

  4. [en] On the Roles tab, select appropriate roles for the new user.

  5. [en] Click OK to save the new user.

  6. [en] Repeat these steps for every user that needs to be created.

    [en] When all users have been created, the setup of Windows Authentication is complete.

[en] Verify setup

[en] Open Snow License Manager in a web browser.

[en] If your account has been setup correctly in Snow License Manager you will be forwarded directly to the main start page, without any additional login being required.

[en] Appendix

[en] The Snow License Manager Web API (SLM Web API) uses basic authentication. For the SLM Web API functionality to work properly, authentication requests need to be passed through to the API instead of being handled by the IIS (web server). This means that if Windows Authentication is enabled for the SLM site, an exception allowing anonymous requests must be made for the API in the SLM web configuration.

[en] Basic authentication is also used for synchronizing images configured for applications in the Store in Automation Platform.

[en] Add the following changes in the <configuration> section of the SLM web.config file (c:\program files\snow software\snow license manager\web\web.config):

[en] <location path="api">
    <system.webServer>
        <security>
            <authentication>
                <anonymousAuthentication enabled="true" />
                <basicAuthentication enabled="false" />
                <windowsAuthentication enabled="false" />
            </authentication>
        </security>
    </system.webServer>
</location>
<location path="Upload/Store/Images">
    <system.webServer>
      <security>
        <authentication>
          <anonymousAuthentication enabled="true" />
          <basicAuthentication enabled="false" />
          <windowsAuthentication enabled="false" />
        </authentication>
      </security>
    </system.webServer>
  </location>

[en] In some environments, you can't change these settings in the web.config file, and you need to configure this on the web server also:

  1. [en] Go to IIS.

  2. [en] Select the Server name node and select Feature Delegation.

  3. [en] Change the following settings to Read/Write.

    • [en] Authentication - Anonymous

    • [en] Authentication - Basic

    • [en] Authentication - Forms

    • [en] Authentication - Windows

    [en] The web.config is permitted to set authentication per path.