Versions Compared

Version Old Version 10 New Version Current
Changes made by

Anand Rajaraman

Del Gonzalez

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Prior to Velocity 3.7 SP1 release, the Velocity Web Service Client (VWSC) application used the Anonymous Authentication mode, which used the Forms Authentication Provider. As a result, when you initially hit the VWSC website, a login page displays and is authenticated by the Velocity Web Service.

Starting from the Velocity 3.7 SP1 release, the Administrator can disable Anonymous Authentication and define Windows Authentication to support Auto-Login capability. For users logged in as an authorized Velocity operator in the Velocity domain in Windows system on their device, the VWSC login page is bypassed to enable the Auto-Login feature.

...

Configuring IIS for Windows Authentication in Windows 10 Pro and above

The steps below enable Windows Authentication in IIS where Velocity Web Client or VWSC bundle is installed.

  1. Go to Control Panel > Programs.

  2. Locate and click on Turn Windows Features on or offlink as shown below.

  3. In Windows Features dialog, expand Internet Information Services > World Wide Web Services > Security to see the available options.

  4. Select the following highlighted options (if not selected already), and then click OK.

    • World Wide Web Services > Security > Basic Authentication

    • World Wide Web Services > Security > Request Filtering

    • World Wide Web Services > Security > Windows Authentication
      A progress dialog shows that Windows is  building is building the selected feature changes.

  5. Click Close after Windows completes the requested changes. Windows Authentication mode is now enabled in IIS.

...

  1. Go to Run and type ServerManager and press Enter or click Server Manager button in the Windows taskbar.
    The Server Manager Dashboard screen displays as shown.

  2. Click Add roles and features link in Dashboard.

  3. Read the wizard instructions and click Next to continue.

  4. In Select installation type choose Role-based or feature-based Installation radio button.

  5. Choose to Select a server from the server pool radio button.

  6. Select the Windows Server 2016 from Server Pool and click Next.

  7. Select the following highlighted options (if not selected already) and then click Next.

    1. Select Server Roles. Choose the following options under Roles:

      1. Web Server (IIS) (20 of 43 Installed) > Web Server (14 of 34 Installed) > Security (1 of 9 Installed) > Request Filtering (Installed)

      2. Web Server (IIS) (20 of 43 Installed) > Web Server (14 of 34 Installed) > Security (1 of 9 Installed) > Basic Authentication

      3. Web Server (IIS) (20 of 43 Installed) > Web Server (14 of 34 Installed) > Security (1 of 9 Installed) > Windows Authentication

        Skip to the Confirmation menu in the Add Roles and Features Wizard

  8. In Confirm installation selections click Install to enable Windows Authentication on Windows 2016 Server.

    The Installation progress window display the progress of the Feature Installation.

  9. Click Close after the installation is done.

Velocity Web Service Client Website Configuration

...

  1. On the desktop, click Start >Programs or All Programs > Administrative Tools > Internet Information Services (IIS) Manager.

  2. On the left panel in connections, select User > Sites > Default Web Sites > VWSC.

  3. Double-click Authentication.

  4. The VWSC Authentication window displays. Right ; right click Anonymous Authentication to Disable or select Disable link as shown.

  5. Right click Windows Authentication to Enable or select Enable link as shown.
    Except Windows Authentication all other authentications must be disabled.

  6. Right click Windows Authentication and select Advanced Settings or click Advanced Settings link as shown.

  7. In Advanced Settings dialog box, select Accept from Extended Protection drop-down and click OK as shown below.

  8. In IIS Manager window, right click Default Web Site > All Tasks > Restart IIS for the changes to take place as shown below.

PIV Enrollment using Windows Authentication

To configure anonymous authentication using IIS, you need to:

  1. Run notepad as adminRun Notepad as Administrator

  2. Open %WINDIR%\System32\inetsrv\config\applicationHost.config

  3. Save it as %WINDIR%\System32\inetsrv\config\applicationHost.config.bak for backup purposes

  4. Find following string:
    <section name="anonymousAuthentication" overrideModeDefault="Deny" />

  5. Replace Deny with Allow

  6. Save file as %WINDIR%\System32\inetsrv\config\applicationHost.config

  7. Recycle app poolthe Application Pool, to be 100% sure that IIS re-reads webreads web.config

Periodic recycling of application pool Application Pool helps to avoid unstable states that can lead to application crashes, hangs, or memory leaks.

For details on how to recycle settings on application pool, refer to https://tinyurl.com/y44yb4mm

...

Auto login window appears only if the user is currently logged into their device as a member of the Velocity Users group Group in the Velocity domain and is an authorized Velocity operator. Configuring Microsoft Edge to automatically pass credentials for trusted sites without prompting can be done through the browser settings.

A.   The following steps allow the user to configure Microsoft Edge browser without prompting their credentials over trusted sites:

  1.  Open Microsoft Edge.

  2. Click on the three horizontal dots (...) in the upper-right corner of the browser window. This will open the menu. Click Settings in the menu., click Settings

    Edge_1.png

  3. In the Settings menu, locate and navigate to Cookies and site permissions.

    Edge_2.png

  4. Under Cookies and site data stored, click on Manage and delete cookies and site data.

    Edge_3.png

  5. This will open a new window where you can manage individual site permissions. , scroll down to find the section labeled Allow "The following sites can save cookies on your device...". Click , click Add.

  6. Enter the URL of the trusted site for which you want to automatically pass credentials. Click , click on "Add" to add and save new site.

    Edge_4.png

  7. Once you have configured the settings for the trusted site, you can also go back to the main Settings page in Microsoft Edge.
    If you have a list of trusted sites, you can repeat the process to add each site to the list. Ensure that the URLs you add are correct to avoid any issues.

B. The following steps allows to add the website URL to work properly in latest Google Chrome versions:

  1. Go to Control panel > Internet Options. The Internet Properties window opens.

    control_panel_Internet_properties.png

  2. In Internet Properties windows, select Security tab as shown.

    Internet_prty_security_tab.png

  3. Select Local Intranet -> Sites button.

  4. The Local Intranet dialog window opens. Select , select Advanced.

    Local_Intranet_advanced.png

  5. The Local Intranet windows displays. , Add “httphttp://localhost/VWSC

    Local_Intranet_add.png

  6. The URL is added to the Websites text area in Local Intranet. Click , click Close.