Implementing Campaign Manager - System Management

Windows Authentication

Windows Authentication allows application users to automatically log in to Campaign Manager when they are already logged in with their Windows ID. Windows Authentication can only be used if https is used throughout the system; it is not suitable for http implementations.

If Windows Authentication is required for use across multiple client databases, contact Support for information on how to configure the system.

Setting up Windows Authentication must be done within a secure environment.

Procedure

  1. In IIS enable Windows Authentication for the auth subsite of the Alterian.Alchemy.Hosting webservice.
  2. In the IIS Authentication panel open Providers and remove "Negotiate" entirely
  3. Confirm that the authentication service is configured by exploring the auth subsite of the Alterian.Alchemy.Hosting website in Content View and browse the AlterianAuthentication.svc page.

You will not be challenged for a password and the https://<website-url>/auth/AlterianAuthentication.svc is displayed.

Note: Steps 2 and 3 are not required if the Configure NTLM Authentication check box is selected on the Assign URLs stage when installing Campaign Manager
  1. Locate the following line in the Alterian.Alchemy.HostingSite web config file, and confirm the value is set to "true":
<add key="tryWindowsAuth" value="true" />
  1. Open the AuthenticationService.webconfig file and check if the following line exists:
<endpoint name="AuthApi_json_ntlm" address="jsonntlm" binding="webHttpBinding" bindingConfiguration="JSONP-https-ntlm" contract="SDL.AUTH.ApiLibrary.IAuthAPI" behaviorConfiguration="json-behaviour"/>

If the line does not exist, add it between the <service> & </service> element tags as follows:

<service behaviorConfiguration="ServiceCredentialBehavior" name="SDL.AUTH.ApiLibrary.AuthAPIService">

<endpoint name="AuthApi_httpscert" address="httpscert" binding="basicHttpBinding" bindingConfiguration="httpsiisBinding" contract="SDL.AUTH.ApiLibrary.IAuthAPI" behaviorConfiguration="SilverlightFaultBehavior" />

<endpoint name="AuthApi_json" address="json" binding="webHttpBinding" bindingConfiguration="JSONP-https" contract="SDL.AUTH.ApiLibrary.IAuthAPI" behaviorConfiguration="json-behaviour" />

<endpoint name="AuthApi_json_ntlm" address="jsonntlm" binding="webHttpBinding" bindingConfiguration="JSONP-https-ntlm" contract="SDL.AUTH.ApiLibrary.IAuthAPI" behaviorConfiguration="json-behaviour"/>

<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />

</service>

  1. When creating application Logons for a User Name, the Login Name must be entered as domain\windowsuserid. Select the Windows Authentication check box in the Manage logins dialogue to disable (grey out) the password box.
  2. If you need to switch existing Logins to Windows Authentication, you can edit them in the back end SQL tables (you cannot edit Login names with the Campaign Manager Admin UI).
Note: Take care when you edit back end SQL tables; this should only be done after consultation with the Administrator or DBA.
  1. Locate the entries for the logins in the [AlterianAuth].[Auth].[LoginIndex] table. Existing logins can be edited to be domain\windowsuserid, and the binary format password must be set to blank.
    • To log into Campaign Manager automatically, add the Campaign Manager site to the Local Intranet list via IE Options > Security > Local Intranet.
  2. It is advisable to test your set up to ensure it works as expected.
     
© Alterian. All Rights Reserved. | Privacy Policy | Legal Notice