Set up IIS for web client

The migRaven.24 / 7 Web Client performs an automatic Windows authentication of the logged on user against the Active Directory. For this an option has to be adapted after the installation

Similarly, the browsers used must support "built-in authentication". Please note the compatibility of the browser. The Firefox browser still needs to make the adjustments described below, Internet Explorer, Chrome and Edge need no further configuration.

Configure Internet Information Service

The migRaven.24 / 7 Web Client was created as an IIS page during installation. To start, open the first Internet Information Services (IIS) Manager on your windows server.

(We have the IIS Administration Console during the Preparation set up as a Windows feature)

You will find the migRaven Website under Sites listed.

Start the page with a click on starten.

Open the settings for the authentication with a double click.

At this point, only the Windows Authentication be active. Go here by right-clicking on the Advanced Settings.

Remove Add the hook here Enable kernel-mode authentication.

The migRaven Website you can now via the URL http://fqdn to reach. In my example, then http://vm-2012.test.local .

The logged in Windows account determines the assigned role within the web client and compares this with the stored accounts in the account management.

Important: Access to the web interface is only given if the corresponding AD account in the migRavenSurface has been created. You will find the instructions for this in the next step

Set up automatic Windows authentication for the Firefox browser

For security reasons, the automatic authentication on the Intranet, ie on the own domain on the own Windows servers, does not happen automatically in Firefox, in contrast to other Web browsers.
This NTLM and Kerberos authentication must first be activated in Firefox.

The example for the domain "test.local" requires the following steps:

  1. In Firefox, enter "about: config" (without spaces) in the address bar.
  2. Search for the following four parameters and enter the specified values, instead of "test.local" your domain.
network.negotiate-auth.allow-non-fqdntrue (most important entry)
network.automatic-ntlm-auth.allow-non-fqdn true

network.automatic-ntlm-auth.trusted-uris test.local

network.negotiate-auth.trusted-uris test.local

Permanent link to this post: