Applies to Infiniti v9.0 or later
Infiniti version 9 sees the introduction of "Basic Windows" authentication, as a replacement for the now-deprecated "Standard" authentication mode. This is in order to improve security and ease of installation under modern versions of IIS.
Under "Basic Windows" authentication, access to Infiniti is controlled at a site level by domain credentials. Users can optionally be automatically added on navigating to the site as a user of the same domain as the Infiniti server. Infiniti group membership is not linked to Active Directory group membership and must be administered manually through Manage.
To set up an Infiniti installation with Basic Windows authentication, the instance should first be set up with Forms authentication and users added, with usernames matching desired domain users. At least one administrator account should be set up to enable administration once Basic Authentication is enabled.
Basic Windows authentication has two configuration options, which are configurable via the web.config file. These are:
- keepDomain (available settings: "true" and "false", defaulting to "false"). This setting is the same as for Windows authentication mode, and controls whether to keep the domain part of a username (i.e. whether to use "domain\user123", or just "user123"). This may be necessary in the case of username overlap with users in a Trusted Domain, for instance.
- autoCreateUser (available settings: "true" and "false", defaulting to "false"). This controls whether new domain visitors to the Infiniti site will have an account created automatically. If this is set to "true", any domain user navigating to the Infiniti site will automatically be given an Infiniti user account with access to Produce. As there is no Active Directory group checking in Basic Windows authentication mode, groups for automatically-added users must still be managed via Manage.
Ensuring That the System Can Be Accessed
In order to use an installation with Basic Windows authentication, at least one Infiniti user needs to exist that both matches a domain username, and is set as an Infiniti administrator. If no such user exists, the system will not be able to be administered when Basic Windows authentication is enabled. To allow administration in such a circumstance, the installation would need to be switched to Forms authentication and an appropriate user created (and given group memberships as necessary), after which the authentication method can be set to Basic Windows again.
How to support multiple sites on the same host
Windows Authentication cookie now uses the forms authentication name as a prefix to support multiple sites on the same host.
In the Produce and Manage web.config, change the "idoxAuth" to be unique name for the site in the same host.
<forms enablecrossappredirects="true" loginurl="~/Account/Login" name="idoxAuth" path="/" protection="All" requiressl="false" timeout="30">
Basic Windows Authentication keepDomain autoCreateUser usergroup