Toolkit > iWeb Security > Forms Based Authentication

Forms Based Authentication

netFORUM has the ability to log iWeb users in by a web form instead of a Windows challenge. This also allows for authenticating against multiple sources, all of which must expose an LDAP. Forms Based Authentication is the default configuration for netFORUM.

Configuration

During product implementation, use the information in the following sections to verify forms based authentication is properly enabled.

Code

Update the iWeb web.config file and uncomment the following two sections:

<!-- Form Authentication Section -->
<section name="LDAPconfig" type="Avectra.netForum.Common.LDAPconfigSection, common" />

<!-- Forms Auth Config -->
<LDAPconfig>
<LDAP url="LDAP://LDAP_LOCATION" domain="DOMAIN" setup="[domain]\[user]" />
</LDAPconfig>

The sections shown above are what you see after you remove the comment.

Fields

The fields in the LDAP Configuration should be set as follows:

URL - Location of the LDAP
Domain - Name of the domain for the LDAP
Setup - Pattern for how the username is built, this will generally be [domain]\[user], but other patterns include [user]_[domain]
- User - will be replaced with the value entered on the login form
- Domain - will be replaced with the value set as the Domain

Change the IIS settings for iWeb
- Disable Windows Authentication
- Enable Forms Based Authentication

This configuration challenges users with a form based login instead of the windows prompt.

Firewall

In most cases, the LDAP is behind a network firewall. Your network staff must open a port in the firewall to allow the IP address of the netFORUM web server to connect to your LDAP.

Functionality

Forms Based Authentication provides the following functionality:

Web based login screen instead of a Windows challenge

netFORUM Web Based Login Screen

Logout option available on all pages
Session timeout.

Logout

The Logout option is available in the upper right corner of all netFORUM pages.

Logout Option

Clicking this menu option immediately logs the user out of the netFORUM session and returns them to the login screen.

Session Timeout

Forms Based Authentication also provides a session timeout feature.

After 18 minutes of inactivity, users are prompted with a warning informing them that their session is about to expire.
After 20 minutes of inactivity, users are logged out and taken to the netFORUM login screen.

Session Timeout Warning in netFORUM

Users can set a preference that returns them to the page they were working on before the session timeout. However, any unsaved work is lost.

Last Page Accessed Setting Highlighted on User Preferences Page