Setting up authentication for the Archive Manager Web service

Setting up authentication improves the security of the Archive Manager Web service.

Procedure

  1. Access the SDL Tridion installation media.
  2. Navigate to the \Content Delivery\roles\webservice\java\lib\ folder and copy the following files from this location:
    • cd_ambient.jar
    • cd_core.jar
    • cd_dynamic.jar
    • cd_model.jar
    • cd_odata.jar
    • cd_odata_types.jar

    to the following destination directory depending on the technology you use:

    • If you use Java, copy the contents of this folder to the /WEB-INF/lib/ directory of your Web application.
    • If you use .NET, copy the contents of this folder to the bin\lib\ folder of your Web application.
  3. Similarly, copy the contents of the \Content Delivery\roles\webservice\java\third-party-lib\ folder to /WEB-INF/lib/ or \bin\lib\.
  4. If you have a .NET Web service, depending on the bit size of your operating system, copy all the DLLs from one of the following locations to the bin\ folder of your Web application:
    • On a 32-bit system, go to the \Content Delivery\roles\webservice\dotNet\dll\x86_64\ folder.
    • On a 64-bit system, go to the \Content Delivery\roles\webservice\dotNet\dll\x64\ folder.
  5. Navigate to the \Content Delivery\resources\configurations\ folder and copy the following files to the /WEB-INF/classes/ (for Java) or to \bin\config\ (for .NET):
    • cd_ambient_conf_sample.xml
    • cd_webservice_conf_sample.xml
    • cd_storage_conf_sample.xml (only required if you have a .NET Web service)
  6. Rename the configuration files:
    • cd_ambient_conf_sample.xml to cd_ambient_conf.xml
    • cd_webservice_conf_sample.xml to cd_webservice_conf.xml
    • cd_storage_conf_sample.xml to cd_storage_conf.xml
  7. Open cd_ambient_conf.xml and exclude the access token path from the Ambient Data Framework by adding one of the following to the configuration, depending on the technology you use:
    JSP
    <ExcludedPaths>
      <Path>/access_token</Path>
    </ExcludedPaths>
    .NET
    <ExcludedPaths>
      <Path>/access_token.svc</Path>
    </ExcludedPaths>
  8. If you have a .NET Web service, go to the \Content Delivery\roles\webservice\dotNet\ folder and copy the file access_token.svc to the root of your Web service.
  9. Open cd_webservice_conf.xml and edit it to set a password. Encrypt the password using the tool provided. For more information, see Encrypting sensitive strings.
  10. If you have a Java Web service, open the web.xml file in the Web application and ensure that the following section is present:
    <filter>
      <filter-name>Ambient Data Framework</filter-name>
      <filter-class>com.tridion.ambientdata.web.AmbientDataServletFilter</filter-class>
    </filter>
    <filter-mapping>
      <filter-name>Ambient Data Framework</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>
    
    <servlet>
      <servlet-name>Content Delivery Authorization Server</servlet-name>
      <servlet-class>com.tridion.webservice.security.authentication.OAuth2AccessTokenHandler</servlet-class>
    </servlet>
    
    <servlet-mapping>
      <servlet-name>Content Delivery Authorization Server</servlet-name>
      <url-pattern>/access_token</url-pattern>
    </servlet-mapping>
  11. If you have a .NET Web service, open the web.config file in the Web application and do the following:
    1. If you use .NET 4.0, ensure the presence of the following <configSections> section:
      <configSections>
       <sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">  
        <sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, 
            System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
            <sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, 
              System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
          </sectionGroup>
        </sectionGroup>
      </configSections>
    2. If you use .NET 3.5, ensure the presence of the following <configSections> section:
      <configSections>
       <sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
         <sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, 
            System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
            <section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, 
              System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" 
              requirePermission="false" allowDefinition="MachineToApplication"/>
            <sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, 
              System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
               <section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, 
                 System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" 
                 requirePermission="false" allowDefinition="Everywhere"/>
               <section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, 
                 System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" 
                 requirePermission="false" allowDefinition="MachineToApplication"/>
               <section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, 
                 System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" 
                 requirePermission="false" allowDefinition="MachineToApplication"/>
               <section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, 
                 System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" 
                 requirePermission="false" allowDefinition="MachineToApplication"/>
            </sectionGroup>
          </sectionGroup>
        </sectionGroup>
      </configSections>
    3. Ensure the presence of the following elements inside the assemblies section:
      <add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
      <add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
      <add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
    4. Ensure the presence of the following fragment directly above the </system.web> closing tag:
      <pages>
        <controls>
          <add tagPrefix="asp" namespace="System.Web.UI" 
            assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
          <add tagPrefix="asp" namespace="System.Web.UI.WebControls" 
            assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        </controls>
      </pages>
      <httpHandlers>
        <remove verb="*" path="*.asmx"/>
        <add verb="*" path="*.asmx" validate="false" 
          type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, 
                Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add verb="*" path="*_AppService.axd" validate="false" 
          type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, 
                Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, 
          System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" 
          validate="false"/>
        <add verb="*" path="*.aspx" type="System.Web.UI.PageHandlerFactory" />
      </httpHandlers>
      <httpModules>
        <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, 
                   Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add name="Tridion.ContentDelivery.AmbientData.HttpModule" 
          type="Tridion.ContentDelivery.AmbientData.HttpModule" />
      </httpModules>
    5. Ensure the presence of the following fragment directly below the </system.web> closing tag:
      <system.codedom>
        <compilers>
          <compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" 
            type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, 
                  PublicKeyToken=b77a5c561934e089">
            <providerOption name="CompilerVersion" value="v3.5"/>
            <providerOption name="WarnAsError" value="false"/>
          </compiler>
        </compilers>
      </system.codedom>
    6. Only if you use IIS 7.5, ensure the presence of the following fragment directly below the previous one:
      <system.webServer>
        <validation validateIntegratedModeConfiguration="false"/>
        <modules>
          <remove name="ScriptModule"/>
          <remove name="WebDAVModule" />
          <remove name="FileAuthorization" />
          <add name="ScriptModule" preCondition="managedHandler" 
               type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, 
                     PublicKeyToken=31BF3856AD364E35"/>
          <add name="Tridion.ContentDelivery.AmbientData.HttpModule" type="Tridion.ContentDelivery.AmbientData.HttpModule" />
        </modules>
        <handlers>
          <remove name="WebServiceHandlerFactory-Integrated"/>
          <remove name="ScriptHandlerFactory"/>
          <remove name="ScriptHandlerFactoryAppServices"/>
          <remove name="ScriptResource"/>
          <remove name="WebDAV" />
          <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" 
               type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, 
                     Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
          <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" 
               type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, 
                     Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
          <add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" 
               type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, 
                     Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        </handlers>
      </system.webServer>
    7. Ensure the presence of the following fragment directly below the previous fragment:
      <runtime>
        <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1" appliesTo="v2.0.50727">
          <dependentAssembly>
            <assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/>
            <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
          </dependentAssembly>
          <dependentAssembly>
            <assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/>
            <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
          </dependentAssembly>
        </assemblyBinding>
      </runtime>
      <system.serviceModel>
        <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
        <behaviors>
          <endpointBehaviors>
            <behavior name="webHttp">
              <webHttp />
            </behavior>
          </endpointBehaviors>
        </behaviors>
        <services>
          <service name="Tridion.ContentDelivery.Webservice.AccessTokenService">
            <endpoint behaviorConfiguration="webHttp" bindingConfiguration="HttpBinding" binding="webHttpBinding" 
                      contract="Tridion.ContentDelivery.Webservice.IOAuth2AccessToken" />
          </service>
        </services>
        <bindings>
          <webHttpBinding>
            <binding name="HttpBinding" maxReceivedMessageSize="2097152" maxBufferSize="2097152">
              <readerQuotas maxArrayLength="81920" maxBytesPerRead="5120" maxDepth="32" 
                            maxNameTableCharCount="81920" maxStringContentLength="2097152" />
              <security mode="TransportCredentialOnly">
                <transport clientCredentialType="None" />
              </security>
            </binding>
          </webHttpBinding>
        </bindings>
      </system.serviceModel>
    8. If you use HTTPS, do the following:
      • In the endpoint element within the service element above, change the value of the bindingConfiguration attribute from HttpBinding to HttpsBinding.
      • Make sure that the following <binding> element is also inside the <webHttpBinding> element:
      <binding name="HttpsBinding" maxReceivedMessageSize="2097152" maxBufferSize="2097152">
        <readerQuotas maxArrayLength="81920" maxBytesPerRead="5120" maxDepth="32" maxNameTableCharCount="81920" 
                      maxStringContentLength="2097152" />
        <security mode="Transport">
          <transport clientCredentialType="None" />
        </security>
      </binding>
  12. Go to the root folder of the Archive Manager Explorer Web application, open web.config and add the following:
    <add key="oauth.url" value="" />
    <add key="client.id" value="username" />
    <add key="client.secret" value="password" />
  13. Save and close web.config.
  14. Encrypt passwords using the aspnet_regiis.exe tool—for more information, see Encrypting the web.config password.
  15. Restart the Web application.
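
A post-setup check for the procedure above, as an added example that is not part of the SDL documentation. It reports token servlet paths from web.xml (step 10) that are not excluded in cd_ambient_conf.xml (step 7), and AccessTokenService endpoints in web.config (step 11) whose binding is undefined or does not use the HTTPS security mode from step 11.8. The function names are illustrative and the sample inputs are constructed from the page's fragments inside minimal wrapper elements.

```python
# Added example, not SDL code; function names are illustrative.
import xml.etree.ElementTree as ET

HANDLER = "com.tridion.webservice.security.authentication.OAuth2AccessTokenHandler"
SERVICE = "Tridion.ContentDelivery.Webservice.AccessTokenService"

def _named(root, name):
    # Match on local name so a web.xml that declares a namespace also works.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _text(parent, name):
    return next(((c.text or "").strip() for c in _named(parent, name)), "")

def unexcluded_token_paths(web_xml, ambient_xml):
    """Token servlet url-patterns (step 10) missing from <ExcludedPaths> (step 7)."""
    web, amb = ET.fromstring(web_xml), ET.fromstring(ambient_xml)
    names = {_text(s, "servlet-name") for s in _named(web, "servlet")
             if _text(s, "servlet-class") == HANDLER}
    mapped = {_text(m, "url-pattern") for m in _named(web, "servlet-mapping")
              if _text(m, "servlet-name") in names}
    excluded = {(p.text or "").strip() for p in amb.iterfind(".//ExcludedPaths/Path")}
    return sorted(mapped - excluded)

def token_endpoint_findings(web_config):
    """AccessTokenService endpoints (step 11) whose binding is undefined or not HTTPS."""
    cfg, out = ET.fromstring(web_config), []
    modes = {b.get("name"): getattr(b.find("security"), "attrib", {}).get("mode")
             for b in cfg.iterfind(".//webHttpBinding/binding")}
    for ep in cfg.iterfind(f".//services/service[@name='{SERVICE}']/endpoint"):
        ref = ep.get("bindingConfiguration")
        if ref not in modes:
            out.append(f"{ref}: binding not defined")
        elif modes[ref] != "Transport":
            out.append(f"{ref}: security mode {modes[ref]}, not HTTPS")
    return out

# Constructed samples: the page's fragments in minimal wrapper elements.
WEB_XML = f"""<web-app><servlet><servlet-name>Content Delivery Authorization Server</servlet-name>
  <servlet-class>{HANDLER}</servlet-class></servlet><servlet-mapping>
  <servlet-name>Content Delivery Authorization Server</servlet-name>
  <url-pattern>/access_token</url-pattern></servlet-mapping></web-app>"""
AMBIENT = "<Configuration><ExcludedPaths><Path>/access_token.svc</Path></ExcludedPaths></Configuration>"
WEB_CONFIG = f"""<configuration><system.serviceModel>
  <services><service name="{SERVICE}"><endpoint bindingConfiguration="HttpBinding"/></service></services>
  <bindings><webHttpBinding><binding name="HttpBinding"><security mode="TransportCredentialOnly"/>
  </binding></webHttpBinding></bindings></system.serviceModel></configuration>"""

if __name__ == "__main__":
    print(unexcluded_token_paths(WEB_XML, AMBIENT), token_endpoint_findings(WEB_CONFIG))
```

The AMBIENT sample deliberately carries the .NET path in a Java deployment, and WEB_CONFIG keeps the HTTP binding, so both checks return a finding.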