ISHSTS with Windows Authentication
Several settings must be in place before ISHSTS can provide Windows Authentication. Both the server and the SQL Server database must be properly configured. You can make these settings either manually or with the scripts provided with the package.
ISHSTS is automatically configured through the installation.
InstallTool creates an application pool such as TrisoftAppPoolISHSTS based on the input parameter infosharestswebappname. The application pool is assigned an identity based on the input parameter osuser. This user is responsible for hosting the endpoints provided by ISHSTS.
Service Principal Names must be defined in Active Directory, either manually or through a script.
- Application pool identity
  The application pool identity is changed to use the integrated ApplicationPoolIdentity. This changes the user who hosts the endpoints to an account that the correct Service Principal Names are assigned to. The expected Service Principal Names are:
  - http/baseurl
  - host/baseurl
- Read permissions
  Read permissions to the token signing certificate's private key are assigned to IIS AppPool\infosharestswebappname. The token signing certificate in ISHSTS is configured through the InstallTool parameter issuercertificatethumbprint. Read/write permissions to the three target installation paths defined in the input parameters are assigned to IIS AppPool\infosharestswebappname:
  - webpath
  - datapath
  - apppath
- Integrated authentication
  If the database is SQL Server and the connection string uses integrated authentication, then we grant the computer account permissions to the database. The only permission required is SELECT.
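
A read-only check of the application pool identity, Service Principal Names and file permissions listed above, as an added example that is not part of the product's own scripts (the database SELECT grant is not checked). It assumes Windows PowerShell 5.1 on the ISHSTS server, a legacy CSP (non-CNG) private key for a certificate in LocalMachine\My, and Service Principal Names registered on the computer account; the function names and the host name, thumbprint and path values are hypothetical placeholders.

```powershell
# Added example (not vendor code); assumes a CSP key and a cert in LocalMachine\My.
Import-Module WebAdministration

function Test-ExplicitGrant {
    param([string]$Path, [string]$Identity,
          [System.Security.AccessControl.FileSystemRights]$Need)
    # Combine only Allow entries that name the identity directly; rights that
    # come from group membership and Deny entries are not evaluated.
    $granted = 0
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $ace.IdentityReference.Value -eq $Identity) {
            $granted = $granted -bor [int]$ace.FileSystemRights
        }
    }
    return (($granted -band [int]$Need) -eq [int]$Need)
}

function Test-IshStsWindowsAuth {
    param([string]$Pool, [string]$BaseUrlHost, [string]$Thumbprint, [string[]]$Paths)
    $identity = "IIS AppPool\$Pool"
    $result = [ordered]@{}
    # The pool must run as the integrated ApplicationPoolIdentity.
    $type = (Get-Item "IIS:\AppPools\$Pool").processModel.identityType
    $result['AppPoolIdentity'] = ("$type" -eq 'ApplicationPoolIdentity')
    # Both expected SPNs must be registered (assumed: on the computer account).
    $spns = & setspn.exe -L $env:COMPUTERNAME
    foreach ($svc in 'http', 'host') {
        $pattern = [regex]::Escape("$svc/$BaseUrlHost") + '\s*$'
        $result["SPN $svc/$BaseUrlHost"] = [bool]($spns -match $pattern)
    }
    # Read access to the token signing certificate's private key file.
    $cert = Get-Item "Cert:\LocalMachine\My\$Thumbprint"
    $keyName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
    if (-not $keyName) { throw 'No CSP key container found (CNG key or no private key).' }
    $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$keyName"
    $result['PrivateKey Read'] = Test-ExplicitGrant $keyFile $identity 'Read'
    # Read/write access to webpath, datapath and apppath.
    foreach ($p in $Paths) {
        $result["ReadWrite $p"] = Test-ExplicitGrant $p $identity 'Read, Write'
    }
    return $result
}

# Placeholder values: substitute your own InstallTool input parameters.
Test-IshStsWindowsAuth -Pool 'TrisoftAppPoolISHSTS' -BaseUrlHost 'ish.example.com' `
    -Thumbprint '<issuercertificatethumbprint>' `
    -Paths 'C:\placeholder\web', 'C:\placeholder\data', 'C:\placeholder\app'
```

Run it from an elevated session on the server; any entry reported as False marks a setting that differs from the list above.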