did someone run iislockdown or possibly change the anonymous authentication on the virtual directory's security setting? by default, the virtual directory, vaultservice, is created w/ anonymous access.
just about every vault web service call has built in authentication / authorization mechanisms. so, unless you have
a compelling reason to change, i would strongly recommend running with anonymous access
on.
with that said, we have had some users insist on using windows authentication security. note, this is actually tied to the .net framework itself, and not the vault code - the vault client always sends the credentials of the
currently logged in windows account.
most of these customers reported a degredation on overall vault performance. it seems the extra load placed on iis to do the authentication for every vault web service call can have quite an impact.
in any case, if you would still feel better setting up this security, i would recommend taking a look at the following links:
here is a sample i quickly whipped up for
vaultservice's web.config that allows the domain users JEFFC and CHARLESD access to the vault service. please note, jeffc and charlesd must be logged onto the domain for this example.
Code: Select all
< authentication mode="Windows" />
< authorization >
< deny users="*" />
< allow users="MYDOMAIN\JEFFC, MYDOMAIN\CHARLESD" />
< /authorization >