Does EP support Active Directory (Windows) authentication? How can I turn it on?

Technical Questions

Easy Projects supports Windows (Active Directory) authentication.
In order to set it up please follow the below instructions.

1. EP Administrator should login to Easy Projects and prepare an account for him/herself by adding a new user entry and specifying the username in the form of "DOMAIN\UserName" (without the quotes) (see pic. 1). 

The Password field can contain anything since the Windows password will be read, and not the password in this field.


Pic. 1
 

2. Turn On Windows authentication for EP site in IIS manager.
Open IIS manager, click on EP web site/application, double click on the Authentication icon in the IIS section on the right, click on Windows Authentication and then click Enable on the right.
Make sure that both Anonymous and Forms Authentication are disabled (see pic. 2).



Pic. 2

If Windows Authentication is not listed then you should add it to IIS as a role service, see
below how to do that.

EP Administrator can now login to EP without entering his/her username and password.

Accounts for other EP users should be prepared in the same way as described in step 1.

 

NOTE. Both your EP IIS and SQL machines should be added to a domain.

 

Adding Windows Authentication role to IIS 7.

Run the Server Manager and add this Role Service:

 


Pic. 3
 

 

Q. I do not see the "Username" field on a user details page in EP.

A. To show this field please add the following parameter to the end of the "EasyProjects" section in the Web.Config file.

<ForcingShowLogin>true</ForcingShowLogin>


Q. My browser keeps showing a Windows login prompt every time when I try to access my EP site.
A. Note that you always will be prompted to login if you are logged in to Windows as a user who is different from one specified in EP.

The whoami command run in the command prompt shows user name and domain for currently logged in user.

If after entering correct credentials for the domain access in the Windows login prompt you successfully log in to EP then it is just browser settings that can be modified:


In Firefox you can setup automatic Windows authentication as follows:
1) Open Firefox.
2) In the address bar type about:config
3) Firefox 3 and later requires you to agree that you will proceed with caution.
4) After the config page loads, in the filter box type network.automatic
5) Modify network.automatic-ntlm-auth.trusted-uris by double clicking the row and enter your EP site name e.g. yourEPsite.com
6) Multiple sites can be added by comma delimiting them such as yourEPsite.com, yourEPsite2.com

Internet Explorer. If you access EP site by an IP address then you should add the site address to the Local Intranet security zone in IE options.


Q. I do not see the "Logout" link, how can I logout from EP and login as a different EP user?
A. Since your EP site is setup to use Windows authentication you are logged in to EP automatically using your Windows credentials (e.g. "domain\user1").
If you want to login to EP as a different EP user (e.g. "domain\user2") you should logout from your Windows and then login back to Windows as that user ("domain\user2" in this example) then open your EP site in Web browser.