How to set up Windows Authentication?

Estimated reading: 2 minutes 181 views

Visual Guard offers two modes of Windows authentication:
Windows SSO (Single Sign On) and Mix-Mode Authentication (Windows + another type of authentication).

Requirement

    • The VG Identity Server needs to be installed on a Windows Server

    • The Windows Server needs to be in the domain

    • The Windows Server needs to have IIS

Activate Windows Authentication in the VG Repository

First, you need to check if Windows is activated in the repository

    • Open VG WinConsole

    • Select and open your VGRepository

  • In the VGRepository settings, check that Windows Authentication is enabled in the supported authentication modes section.
Active Windows authentication


Activate Windows Authentication in VG Identity Server

IIS needs to have Windows Authentification activated

    • Select VG Identity Server app

    • Go to authentication module

    • Enable Anonymous and Windows authentification

Activate Anonymous and Windows authentification


Which Windows authentication mode should be selected?

Visual Guard offers two modes of Windows Authentication:

The first mode is Mixed Mode authentication that allows you to authenticate users with their Windows and another type of authentification

The second one is Windows SSO (Single Sign On), the user don’t need to do any things, Visual Guard authenticate the user directly without any action.


How to configure for the Mixed Mode Authentication?

To activate this mode, you need to open the VG Identity Server folder:

    • Open appsettings.json file for VisualGuard Identity Server

    • Set IsWindowsAuthenticationEnabled = true

    • Set IsAutomaticWindowsAuthenticationEnabled = false

    • Save the file and restart the VGIdentityServer

Sample

{
  "VGIdentityServerConfiguration": {
    "ServerId": "a31a70b4-9a09-445e-82c9-c6262eaa58f5",
    "WebUserInterfaceId": "03d1acad-61bf-4b62-82f4-3fe5eb0bb554",
    "IsWindowsAuthenticationEnabled": true,
    "IsAutomaticWindowsAuthenticationEnabled": false,
    "TraceLevel": "Verbose",
    "ServerUrl": "http://localhost:5000",
    "UseDefaultIdentityServerWhenServerIdEmpty": false,
    "CheckIfRestartRequiredAtEveryMinutes": "1",
    "AllowAutoRestart": "true"
  }  
}

VG Identity Server Sample login form

Mixed mode authentification user view

Windows Authentification


How to configure Windows SSO?

The Windows SSO (Single Sign-On) allows to authenticate users without any action on their part.

To activate this mode, you need to open the VG Identity Server folder.

    • Open appsettings.json file for VisualGuard Identity Server

    • Set IsWindowsAuthenticationEnabled = true

    • Set IsAutomaticWindowsAuthenticationEnabled = true

    • Save the file and restart the VGIdentityServer.

Sample code

{
  "VGIdentityServerConfiguration": {
    "ServerId": "a31a70b4-9a09-445e-82c9-c6262eaa58f5",
    "WebUserInterfaceId": "03d1acad-61bf-4b62-82f4-3fe5eb0bb554",
    "IsWindowsAuthenticationEnabled": true,
    "IsAutomaticWindowsAuthenticationEnabled": true,
    "TraceLevel": "Verbose",
    "ServerUrl": "http://localhost:5000",
    "UseDefaultIdentityServerWhenServerIdEmpty": false,
    "CheckIfRestartRequiredAtEveryMinutes": "1",
    "AllowAutoRestart": "true"
  }
}

From now on, when a user accesses the page, he will be automatically authenticated with his Windows account, without displaying a login screen.