4.6.1. Configure IIS and Reverse Proxy to login ChronoScan with an AD user

 

 

In ChronoScan it is possible to link an Active Directory user to a ChronoScan user, if ChronoScan knows the AD user when enter and the user is linked to a ChronoScan user, it will login directly. To assign an AD user to a ChronoScan user, the chronoscan user variable "uservar.LDAP_USER_AUTH" must be set to the windows username on the edit user window.

 

Using Application Request Routing (ARR) as reverse proxy is a easiest way to redirect requests to another site, ISS can obtain the client user (windows user) but there is no way to redirect these variables to another path. It is possible to redirect another variables and headers but not the related to user information.

 

For this ChronoScan has a library (ChronoIIS_AD.dll) that can include the user information in the call. To configure this library follow this steps

 

Enable windows authentication and disable anonymous

 

 

 

If Windows Authentication is not present here, it is necessary to install it on Windows

 

 

 

Register the library, the library must be in the installation directory. At server level click on Modules

 

 

Click on Configure Native Modules

 

 

Register the library, select it in the installation directory

 

 

 

The new module will appear in the list activated, we can disable it because we don't need it at server level we will activate it at site level.

 

 

To activate the module at site level, select the site and click on Modules

 

 

 

 

Click on Configure Native Modules and enable the existing ChronoIIS_AD module

 

 

 

 

 

To check if the user is received open environment variables in ChronoScan

 

 

Now assigning the variable user variable uservar.LDAP_USER_AUTH to the correponding AD user, it will login directly