Setting up authentication for the Archive Manager Web service
Authentication improves the Archive Manager Web service security.
Procedure
- Access the SDL Tridion installation media.
- Navigate to the \Content Delivery\roles\webservice\java\lib\ folder and copy the following files from this location:
  - cd_ambient.jar
  - cd_core.jar
  - cd_dynamic.jar
  - cd_model.jar
  - cd_odata.jar
  - cd_odata_types.jar

  to the following destination directory, depending on the technology you use:
  - If you use Java, copy the contents of this folder to the /WEB-INF/lib/ directory of your Web application.
  - If you use .NET, copy the contents of this folder to the bin\lib\ folder of your Web application.
- Similarly, copy the contents of the \Content Delivery\roles\webservice\java\third-party-lib\ folder to /WEB-INF/lib/ or \bin\lib\.
- If you have a .NET Web service, depending on the bit size of your operating system, copy all the DLLs from one of the following locations to the bin\ folder of your Web application:
  - On a 32-bit system, go to the \Content Delivery\roles\webservice\dotNet\dll\x86_64\ folder.
  - On a 64-bit system, go to the \Content Delivery\roles\webservice\dotNet\dll\x64\ folder.
- Navigate to the \Content Delivery\resources\configurations\ folder and copy the following files to /WEB-INF/classes/ (for Java) or to \bin\config\ (for .NET):
  - cd_ambient_conf_sample.xml
  - cd_webservice_conf_sample.xml
  - cd_storage_conf_sample.xml (only required if you have a .NET Web service)
- Rename the configuration files:
  - cd_ambient_conf_sample.xml to cd_ambient_conf.xml
  - cd_webservice_conf_sample.xml to cd_webservice_conf.xml
  - cd_storage_conf_sample.xml to cd_storage_conf.xml
- Open cd_ambient_conf.xml and make sure to exclude the access token path from the Ambient Data Framework by adding one of the following to the configuration:
  - JSP

        <ExcludedPaths>
          <Path>/access_token</Path>
        </ExcludedPaths>

  - .NET

        <ExcludedPaths>
          <Path>/access_token.svc</Path>
        </ExcludedPaths>
- If you have a .NET Web service, go to the \Content Delivery\roles\webservice\dotNet\ folder and copy the file access_token.svc to the root of your Web service.
- Open cd_webservice_conf.xml and edit it to set a password. Encrypt the password using the tool provided. For more information, see Encrypting sensitive strings.
- If you have a Java Web service, open the web.xml file in the Web application and ensure that the following section is present:

      <filter>
        <filter-name>Ambient Data Framework</filter-name>
        <filter-class>com.tridion.ambientdata.web.AmbientDataServletFilter</filter-class>
      </filter>
      <filter-mapping>
        <filter-name>Ambient Data Framework</filter-name>
        <url-pattern>/*</url-pattern>
      </filter-mapping>
      <servlet>
        <servlet-name>Content Delivery Authorization Server</servlet-name>
        <servlet-class>com.tridion.webservice.security.authentication.OAuth2AccessTokenHandler</servlet-class>
      </servlet>
      <servlet-mapping>
        <servlet-name>Content Delivery Authorization Server</servlet-name>
        <url-pattern>/access_token</url-pattern>
      </servlet-mapping>

- If you have a .NET Web service, open the web.config file in the Web application and do the following:
  - If you use .NET 4.0, ensure the presence of the following <configSections> section:

        <configSections>
          <sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
            <sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
              <sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
            </sectionGroup>
          </sectionGroup>
        </configSections>

  - If you use .NET 3.5, ensure the presence of the following <configSections> section:

        <configSections>
          <sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
            <sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
              <section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
              <sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
                <section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/>
                <section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
                <section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
                <section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
              </sectionGroup>
            </sectionGroup>
          </sectionGroup>
        </configSections>

  - Ensure the presence of the following elements inside the assemblies section:

        <add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        <add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        <add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

  - Ensure the presence of the following fragment directly above the </system.web> closing tag:

        <pages>
          <controls>
            <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
            <add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
          </controls>
        </pages>
        <httpHandlers>
          <remove verb="*" path="*.asmx"/>
          <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
          <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
          <add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false"/>
          <add verb="*" path="*.aspx" type="System.Web.UI.PageHandlerFactory" />
        </httpHandlers>
        <httpModules>
          <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
          <add name="Tridion.ContentDelivery.AmbientData.HttpModule" type="Tridion.ContentDelivery.AmbientData.HttpModule" />
        </httpModules>

  - Ensure the presence of the following fragment directly below the </system.web> closing tag:

        <system.codedom>
          <compilers>
            <compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
              <providerOption name="CompilerVersion" value="v3.5"/>
              <providerOption name="WarnAsError" value="false"/>
            </compiler>
          </compilers>
        </system.codedom>

  - Only if you use IIS 7.5, ensure the presence of the following fragment directly below the previous one:

        <system.webServer>
          <validation validateIntegratedModeConfiguration="false"/>
          <modules>
            <remove name="ScriptModule"/>
            <remove name="WebDAVModule" />
            <remove name="FileAuthorization" />
            <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
            <add name="Tridion.ContentDelivery.AmbientData.HttpModule" type="Tridion.ContentDelivery.AmbientData.HttpModule" />
          </modules>
          <handlers>
            <remove name="WebServiceHandlerFactory-Integrated"/>
            <remove name="ScriptHandlerFactory"/>
            <remove name="ScriptHandlerFactoryAppServices"/>
            <remove name="ScriptResource"/>
            <remove name="WebDAV" />
            <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
            <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
            <add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
          </handlers>
        </system.webServer>

  - Ensure the presence of the following fragment directly below the previous fragment:

        <runtime>
          <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1" appliesTo="v2.0.50727">
            <dependentAssembly>
              <assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/>
              <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
            </dependentAssembly>
            <dependentAssembly>
              <assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/>
              <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
            </dependentAssembly>
          </assemblyBinding>
        </runtime>
        <system.serviceModel>
          <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
          <behaviors>
            <endpointBehaviors>
              <behavior name="webHttp">
                <webHttp />
              </behavior>
            </endpointBehaviors>
          </behaviors>
          <services>
            <service name="Tridion.ContentDelivery.Webservice.AccessTokenService">
              <endpoint behaviorConfiguration="webHttp" bindingConfiguration="HttpBinding" binding="webHttpBinding" contract="Tridion.ContentDelivery.Webservice.IOAuth2AccessToken" />
            </service>
          </services>
          <bindings>
            <webHttpBinding>
              <binding name="HttpBinding" maxReceivedMessageSize="2097152" maxBufferSize="2097152">
                <readerQuotas maxArrayLength="81920" maxBytesPerRead="5120" maxDepth="32" maxNameTableCharCount="81920" maxStringContentLength="2097152" />
                <security mode="TransportCredentialOnly">
                  <transport clientCredentialType="None" />
                </security>
              </binding>
            </webHttpBinding>
          </bindings>
        </system.serviceModel>

  - If you use HTTPS, do the following:
    - In the endpoint element within the service element above, change the value of the bindingConfiguration attribute from HttpBinding to HttpsBinding.
    - Make sure that the following <binding> element is also inside the <webHttpBinding> element:

          <binding name="HttpsBinding" maxReceivedMessageSize="2097152" maxBufferSize="2097152">
            <readerQuotas maxArrayLength="81920" maxBytesPerRead="5120" maxDepth="32" maxNameTableCharCount="81920" maxStringContentLength="2097152" />
            <security mode="Transport">
              <transport clientCredentialType="None" />
            </security>
          </binding>

- Go to the root folder of the Archive Manager Explorer Web application, open web.config and add the following:

      <add key="oauth.url" value="" />
      <add key="client.id" value="username" />
      <add key="client.secret" value="password" />

- Save and close web.config.
- Encrypt passwords using the aspnet_regiis.exe tool. For more information, see Encrypting the web.config password.
- Restart the Web application.
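
The HTTPS step above depends on two settings agreeing: the endpoint's bindingConfiguration must name a binding that exists, and that binding must use security mode Transport. The following Python check is an added example, not part of the SDL Tridion product or its documentation; the function names audit_token_endpoint and sample_config are hypothetical, and the sample web.config is constructed from the element names shown in the procedure.

```python
import xml.etree.ElementTree as ET

SERVICE = "Tridion.ContentDelivery.Webservice.AccessTokenService"

def audit_token_endpoint(web_config_xml):
    """Return findings about the WCF binding behind the access-token service."""
    model = ET.fromstring(web_config_xml).find("system.serviceModel")
    if model is None:
        return ["no <system.serviceModel> section"]
    # Index declared webHttpBinding entries by name to resolve endpoint references.
    bindings = {b.get("name"): b
                for b in model.findall("bindings/webHttpBinding/binding")}
    endpoints = [ep for svc in model.findall("services/service")
                 if svc.get("name") == SERVICE
                 for ep in svc.findall("endpoint")]
    if not endpoints:
        return ["no endpoint declared for " + SERVICE]
    findings = []
    for ep in endpoints:
        ref = ep.get("bindingConfiguration")
        binding = bindings.get(ref)
        if binding is None:
            findings.append(f"endpoint references undefined binding '{ref}'")
            continue
        security = binding.find("security")
        # webHttpBinding defaults to mode "None" when <security> is omitted.
        mode = security.get("mode", "None") if security is not None else "None"
        if mode != "Transport":
            findings.append(f"binding '{ref}' has security mode '{mode}', "
                            "so token requests are not TLS-protected")
    return findings

def sample_config(ref, name, mode):
    # Constructed sample: a trimmed web.config reusing the page's element names.
    return f"""<configuration><system.serviceModel>
  <services><service name="{SERVICE}">
    <endpoint behaviorConfiguration="webHttp" bindingConfiguration="{ref}"
      binding="webHttpBinding"
      contract="Tridion.ContentDelivery.Webservice.IOAuth2AccessToken"/>
  </service></services>
  <bindings><webHttpBinding><binding name="{name}">
    <security mode="{mode}"><transport clientCredentialType="None"/></security>
  </binding></webHttpBinding></bindings>
</system.serviceModel></configuration>"""

if __name__ == "__main__":
    for case in [("HttpBinding", "HttpBinding", "TransportCredentialOnly"),
                 ("HttpsBinding", "HttpBinding", "TransportCredentialOnly"),
                 ("HttpsBinding", "HttpsBinding", "Transport")]:
        print(case, audit_token_endpoint(sample_config(*case)))
```

An empty list means the access-token endpoint resolves to a Transport-mode binding; any finding should be cleared before client.id and client.secret are sent to the service.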