I am trying to use the API to connect to Vault using Integrated Windows Authentication, instead of requiring the user to enter their username and password each time (or, worse, store it in a config file).
I don't, at the current time, know if IIS has been set up correctly, but I am in the process of finding out. The problem is that I don't see a way to signal to the API that it should be using this method to authenticate, and my experience with Vault so far is that it really isn't there. Is this the case?
If there is not support for it at this time, please consider this a feature request for integrated windows authentication, at least when connecting to Vault via the API.
tia!
-Steve
Using Integrated Windows Authentication?
Moderator: SourceGear
-
- Posts: 4
- Joined: Fri Apr 11, 2008 2:38 pm
Using Integrated Windows Authentication?
Steve Czetty
Programmer, Application Development Group
IE Discovery, Inc.
Programmer, Application Development Group
IE Discovery, Inc.
What Vault can currently do is make use of a user's AD login and password instead of a separate Vault login an password. You wouldn't set this up with the API.
Vault needs to run under a domain account to make use of AD authentication. See the Installation Instructions for more information about that. You would set the IIS Process Model to Custom and enter or create a domain user. If you are at the point where you need to change to this, then let me know and I can help you through that.
After that, you would go into the Vault admin web page (or tool if on an older version) and enter in the Domain Information. Then when adding users, make their logins be exactly the same as their AD login.
Vault needs to run under a domain account to make use of AD authentication. See the Installation Instructions for more information about that. You would set the IIS Process Model to Custom and enter or create a domain user. If you are at the point where you need to change to this, then let me know and I can help you through that.
After that, you would go into the Vault admin web page (or tool if on an older version) and enter in the Domain Information. Then when adding users, make their logins be exactly the same as their AD login.
If I misunderstood and you already have your users using AD authentication and are just wanting them to not to remember logins and passwords, we have a profile function they should try out. When first logging in, they should click the profile button and create a new profile. Then they only have to select the profile to log in.
If that still doesn't accomplish what you want, just let me know.
If that still doesn't accomplish what you want, just let me know.
-
- Posts: 4
- Joined: Fri Apr 11, 2008 2:38 pm
I will take the profiles idea under advisement, but I am not sure if that will accomplish what we are looking for in our environment.
Our application was originally written for Visual SourceSafe, and it includes a checkbox for "Integrated Windows Authentication". Essentially, it takes the credentials of the currently logged-in user, and passes it though to sourcesafe without requiring the userid or password. We would like to have a global configuration file for all users of our app, but because each user needs to individually enter their passwords (which we currently store in the config, encrypted), that has proven difficult. It is also undesirable to store the passwords at all, in any form.
Since Vault is served on IIS, those credentials can be passed to the application from IIS if the configuration is set up to do so. However, the API appears to require that explicit userid and password be set. Let me know if I am misintrepreting this.
Thanks again!
-Steve
Our application was originally written for Visual SourceSafe, and it includes a checkbox for "Integrated Windows Authentication". Essentially, it takes the credentials of the currently logged-in user, and passes it though to sourcesafe without requiring the userid or password. We would like to have a global configuration file for all users of our app, but because each user needs to individually enter their passwords (which we currently store in the config, encrypted), that has proven difficult. It is also undesirable to store the passwords at all, in any form.
Since Vault is served on IIS, those credentials can be passed to the application from IIS if the configuration is set up to do so. However, the API appears to require that explicit userid and password be set. Let me know if I am misintrepreting this.
Thanks again!
-Steve
Steve Czetty
Programmer, Application Development Group
IE Discovery, Inc.
Programmer, Application Development Group
IE Discovery, Inc.
We don't currently have this capability, but it has been requested numerous times. I've added your name to the feature request.
Subscribe to the Fortress/Vault blog