Applicable Product:

• OrgPublisher

Applicable Release:

• V21 and later
• 11.x

Summary:

NOTE: the list of users added via IIS's "Authorization Rules" will get reset to "Allow all users" if you subsequently update the charting web app via the OrgPublisher Configuration tool.  Therefore, you will need to re-add them each time you make an update to a charting web app using IIS' URL Authorization/Authorization Rules.

Here's how you secure a web application using URL Authorization/Authorization Rules:
 

• In the OrgPublisher configuration, make sure you have "Use Windows Authentication for site access" checked for the unsecured charting web app:

NOTE: in my examples, I'll be using the "2016OrgCharts" web app.
 

• In your Server Manager, make sure that the "URL Authorization" feature is installed:
  
  After installing that feature, when you bring up IIS, it shows up as "Authorization Rules":

 
In IIS, here's what you do:

1. Select the charting web app
2. Double click on "Authorization Rules":
   
    
3. Select the "Allow" rule and then click on "Edit":
   
    
4. Click on the "Specified roles or user group" option or the "Specified users" option
5. Then type in the AD group(s) or the AD user account(s) (separated by commas); for example:
   
   OR
   
   
    
6. Then click OK

Make sure you test this out thoroughly by having various people try to access the chart URL.  If your browser has not been set to allow passthrough-authentication, you will be prompted for your Windows credentials.
 
 
Keywords:  secure, security, web app, URL Authorization, Authorization Rules


Created : Alvin Ee
Reviewed: Melanie Culp 07/20/2023