Windows Authenticated logon configuration for Microsoft IIS7
Step 1. Setup and configure the HelpMaster Active Directory module
Before any Windows-based authentication can take place for any of the
HelpMaster modules, including the web interface, you will need to first
install, configure and run the HelpMaster Active Directory module to
synchronize your HelpMaster users with a valid Active Directory account.
See Active Directory Module Overview for
the installation and configuration process
Step 2. Create a Windows Authentication 'hmplogin' virtual directory
In order for the Windows Authentication feature of IIS 7 to
work, it must first be installed. This component is not installed by
default, so you may need to install it. See
Microsoft IIS 7 for details. Ensure that you check the "Windows
Authentication" checkbox during the install (see picture).
In addition to the creation of the required virtual directory for the web
interface, a second directory needs to be created called 'hmplogin'.
Unlike the standard HelpMaster web interface virtual directory which accepts
anonymous authentication, this virtual directory will be configured to
authenticate valid Windows accounts (network accounts) only. Once
authentication has been successful, the authenticated Windows user will be
automatically re-directed back to the standard HelpMaster web interface
application and automatically logged in with their corresponding HelpMaster
To configure the Windows Authentication virtual directory, perform the
following steps on your HelpMaster web server. The following steps
reflect the steps required for
IIS version 7.
Open the IIS Manager by selecting Control Panel > Administrative
Tools > Internet Information Services (IIS) Manager
- "Right click" on the
Default Web Site
node/branch and select Add application... from the pop-up menu
The properties for a new application will be displayed.
- The "Add Application" screen contains several settings that need
to be configured. After each of the settings below have been
configured, click OK to create the web application.
Alias : This is the name of your HelpMaster
Windows authentication web application. This should be one word
without any spaces. This name will be the web page that you will
need to access to use the HelpMaster Module. eg.
www.machinename.com/virtualdirectoryalias. It is
recommended that you call the name of this application "hmplogin".
This is the name used throughout this documentation.
Application pool : Select the application pool that the
HelpMaster web interface will operate in. Choose the
default, or select / create an application pool. For further
information about Application pools, refer to
Physical path : Click the "..." button to browse to where
you installed HelpMaster. It is vital that you select the
[HMP Web Install Path]\WinLogin
folder. If you selected default settings during the setup,
this location may be "C:/inetpub/wwwroot/HelpMaster
Note: If you moved this folder at any time, or wish to re-locate this folder,
please read this first.
Connect as... : Select the connection method.
It is vital that this setting is set to "Application user
- Once the HelpMaster "hmplogin" application has been created,
ensure that it is configured for Windows Authentication.
Click on the "hmplogin" application, then find the "Authentication"
icon in the "IIS" group. Right-click and select "Open Feature"
If the Windows Authentication icon is not displayed, it most
likely means that it is not installed. See
Installing Microsoft IIS 7 for details. Ensure that you
check the "Windows Authentication" checkbox during the install (see
- Right-click on "Windows Authentication" and select "Enable" from
the pop-up menu.
Step 3. Configuring redirect for un-authenticated requests (optional)
Now that you have created a web application to accept Windows authenticated
logins, you may like to configure this application to appropriately
handle logins that for whatever reason cannot be authenticated. (eg.
account has expired, network issues, non-network login etc). When an
authentication request fails, you can configure the IIS to re-direct the user
back to the standard HelpMaster login page where they can try logging onto
the HelpMaster web interface via their HelpMaster account.
To configure un-authenticated request redirection, perform the following
steps on your HelpMaster web server.
- Click on the "hmplogin" application, then find the "Error Pages" icon in
the "IIS" group. Right-click and select "Open Feature"
- Edit the properties for '401;1' and '401;2'. These error codes
refer to authentication errors. Rather than display the default error
page, you can re-direct these errors to point back to your standard
HelpMaster web interface application that you
interaction with HelpMaster Windows modules
Creating a virtual directory