Enabling integrated Windows authentication

The End User Interface authenticates users based on their Windows logon credentials. The logon credentials are either passed transparently from the client to the web server or entered manually by the user at the beginning of each session. The login method depends on how authentication is configured; both methods are described in the configuration instructions.

Note:  Windows authentication is required with NTLM authentication. Skip this section for database authentication.

Configure Windows authentication on the web server and then configure Internet Explorer on clients.

Configuring integrated Windows authentication on the web server

  1. Log on to the web server using an account that belongs to the local Administrators group and start IIS.

  2. Expand the server running the End User Interface and expand Default Web Site.

  3. Click the virtual directory for the End User Interface. (The default name is WebClient.) The End User Interface program files appear in the details pane.

  4. Right-click WebClient in the details pane and select Properties.

Note:  When right-clicking WebClient in IIS for Windows 2008 server, you do not get a Properties option. Instead, for 2008 server, double-click authentication and enable anonymous access there.

  1. Go to the Directory Security tab.

  2. Go to Authentication and access control (Windows 2003/2008) and click Edit. The Authentication Methods page opens.

  3. Clear Enable anonymous access (Windows 2003).

  4. Go to Authenticated access section and select Integrated Windows Authentication option.

  5. Click OK to save the changes and close the Authentication Methods page.

  6. Click OK to close the Properties page.

Configuring integrated Windows authentication on clients running Internet Explorer 7.0/6.0

You must configure Integrated Windows Authentication on all clients running Internet Explorer 7.0/6.0.

  1. Log on to the client using an account that belongs to the local Administrators group and start Internet Explorer.

  2. Open Internet Explorer and click Tools > Internet Options.

  3. Click the Security option.

  4. Select Internet or Local Intranet depending on your default zone and click Custom level. The Security Settings page opens.

  5. Scroll down to the User Authentication section and make the following changes:

  6. To authenticate the Windows user transparently, select Automatic logon with current user name and password.

  7. To prompt the Windows user to enter logon credentials at the beginning of each session, select Prompt for Username and Password.

  1. Click OK to close the Internet Options page.

  2. Close the Internet Explorer page.

  3. Close all other open instances of Internet Explorer for the change to take effects.