There is approach on allowDirectLoginToStation for Windows Authentication (refer to references section below) but the know-how for default Form Authentication is not known. Is it possible that we could configure and use the direct access when using Form Authentication so as to skip the login page and get to the specific application and web station?
It was understood that it does not work for all the Web Host (WebScan, WebFrontOffice and WebValidate) at eFlow.
The direct login using default Form Authentication is only valid for WebScan and WebFrontOffice, not for WebValidate. This is due to the demand history in the past when this direct login feature was first made available on eFlow 5.1 using Form Authentication.
It is still not working after setting the web.config as it still requires adding parameters to the URL in order to achieve the direct access.
The parameters are visible and it is a consideration especially if it is considered as sensitive.
- It may be possible (not guaranteed, refer to reference section below for ideas) to hide parameters but this may need PS work to check for feasibility.
The feature is not available for WebValidate. Below is only for WebScan and WebFrontOffice.
In each eFLOW Web Host (WebScan/WebFrontOffice), there is web.config file and in it, there is this param:
- <add key="allowDirectLogInToStation" value="False" />
- e.g. C:\inetpub\wwwroot\WebScan\Web.config and C:\inetpub\wwwroot\WebFrontOffice\Web.config
The default WebScan/WebFrontOffice login flow is as follows
- User need to access the WebScan / WebFrontOffice URL ( e.g. http://localhost/WebScan, http://localhost/WebFrontOffice)
- Provide the Login credentials
- Select Application and Station
- Start scanning for WebScan, or for WebFrontOffice to fetch the collection and work on collection organization and/or manual data entry
By default, the eFlow Web Host (WebScan / WebFrontOffice) is configured to use Anonymous and Forms Authentication so we are leaving it as it is since we are using Form Authentication approach.
The flag allowDirectLogInToStation when set to true enables users to directly access the web station skipping step 1-3 using following URL format.
- http://<<Server>>/<WebHost e.g. WebScan or WebFrontOffice>/Management/LoginToStation?applicationName=<<ApplicationName>>&stationName=<<StationName>>&userName=<<User ID from UserIds.xml>>&password=<<passord of the ID from UserIds.xml>>&isRememberMe=false
- Example: http://localhost/WebScan/Management/LoginToStation?applicationName=WebAdvanceDemo&stationName=ScanPortal&userName=CustomUser1&password=abcpassword&isRememberMe=false
- The userName and password are 2 additional parameters required for direct access using Form Authentication.
- The application and station name is case sensitive as per how it was named at the Visual Designer.
- There does not seem to have any impact when "IsRememberMe=false" or "true" as it is using the same structure from windows authentication on direct station access, but this param is mandatory.
It is critical to remember that although the credential used is from UserIds.xml but the ID will still need to have the correct permission configured at DomainSecurity.xml so that the role will be valid as authorized to use the Web station.
- In the past, it was tested with eFlow 5.1 + patches.
- In-between versions were not tested.
- Recent test done was either on eFlow 220.127.116.11 or 18.104.22.168.
Level of Complexity
|eFlow||5.1+ to 6.X|
- KB - Configure eFlow Web Station Direct Access (Windows Authentication)
- The screen shot below indicates the Web Host accessing is using IP address as an example. This is not a guaranteed (non-official) approach but as ideas on possible implementation that needs to go through trials and errors or to be verified.