How to secure a web app with IIS' "URL Authorization"
Applicable Product:
- OrgPublisher
Applicable Release:
- V21 and later
- 11.x
Summary:
Here's how you secure a web application using URL Authorization/Authorization Rules:
- In the OrgPublisher configuration, make sure you have "Use Windows Authentication for site access" checked for the unsecured charting web app:
NOTE: in my examples, I'll be using the "2016OrgCharts" web app.
- In your Server Manager, make sure that the "URL Authorization" feature is installed:
After installing that feature, when you bring up IIS, it shows up as "Authorization Rules":
In IIS, here's what you do:
- Select the charting web app
- Double click on "Authorization Rules":
- Select the "Allow" rule and then click on "Edit":
- Click on the "Specified roles or user group" option or the "Specified users" option
- Then type in the AD group(s) or the AD user account(s) (separated by commas); for example:
OR
- Then click OK
Make sure you test this out thoroughly by having various people try to access the chart URL. If your browser has not been set to allow pass-through authentication, you will be prompted for your Windows credentials.
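The check below is an added example, not part of the original article or of OrgPublisher. It models how IIS combines the inherited Allow rule with an application's web.config and reports whether the web app is still open to all users. The sample web.config text and the group name `CONTOSO\OrgChart Viewers` are constructed, and the script assumes the parent level holds only the stock IIS rule that allows all users (`users="*"`).

```powershell
# Added example (not OrgPublisher or Microsoft code); the web.config samples are constructed.
# Assumption: the parent level holds only IIS's stock rule, Allow users="*".
function Get-EffectiveAuthorizationRule {
    param([Parameter(Mandatory)][string] $WebConfigXml)
    $rules = @([pscustomobject]@{ accessType = 'Allow'; users = '*'; roles = ''; verbs = '' })
    $path = '/configuration/system.webServer/security/authorization'
    $section = ([xml]$WebConfigXml).SelectSingleNode($path)
    if ($null -eq $section) { return $rules }   # no override: the inherited rule applies
    foreach ($node in $section.ChildNodes) {
        switch ($node.LocalName) {
            'clear'  { $rules = @() }
            'remove' {   # drops the rule whose users/roles/verbs key matches
                $rules = @($rules | Where-Object {
                    $_.users -ne $node.GetAttribute('users') -or
                    $_.roles -ne $node.GetAttribute('roles') -or
                    $_.verbs -ne $node.GetAttribute('verbs') })
            }
            'add' {
                $rules += [pscustomobject]@{
                    accessType = $node.GetAttribute('accessType'); users = $node.GetAttribute('users')
                    roles = $node.GetAttribute('roles'); verbs = $node.GetAttribute('verbs') }
            }
        }
    }
    return $rules
}

function Test-OpenAllowRule {
    param([Parameter(Mandatory)][string] $WebConfigXml)
    $open = @(Get-EffectiveAuthorizationRule $WebConfigXml | Where-Object {
        $users = ($_.users -split ',').Trim()   # "*" = all users, "?" = anonymous users
        $_.accessType -eq 'Allow' -and ($users -contains '*' -or $users -contains '?')
    })
    return ($open.Count -gt 0)
}

$before = '<configuration><system.webServer /></configuration>'   # no rule edited yet
$after = @'
<configuration>
  <system.webServer><security><authorization>
    <remove users="*" roles="" verbs="" />
    <add accessType="Allow" roles="CONTOSO\OrgChart Viewers" />
  </authorization></security></system.webServer>
</configuration>
'@
"before the change, open to all users: $(Test-OpenAllowRule $before)"
"after the change, open to all users:  $(Test-OpenAllowRule $after)"
Get-EffectiveAuthorizationRule $after | Format-Table -AutoSize
```

To check a real deployment, pass the contents of the web app's own web.config (for example with `Get-Content -Raw`) instead of the constructed samples.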
Keywords: secure, security, web app, URL Authorization, Authorization Rules
Created: Alvin Ee
Reviewed: Melanie Culp 07/20/2023