Custom Authentication
Overview
The majority of WorkflowGen clients use the Windows Integrated Authentication in IIS, although several other modes are supported. By using Integrated Authentication, users are seamlessly authenticated to WorkflowGen by using the Windows local session (network password) of the user.
WorkflowGen also supports .NET web form-based authentication and Custom HTTP modules for SSO integration.
SSO using a .NET custom HTTP module
The advantage of the custom HTTP module solution is that it secures all WorkflowGen HTTP requests, including web services. It also provides more customization possibilities than the form authentication-based solution.
This section focuses on the custom authentication module solution.
Note: We recommend securing the WorkflowGen website with SSL and using encryption to secure the token. The code provided below is a basic sample, so you may have to customize it to enforce security and hide detailed error messages.
WorkflowGen Custom module authentication configuration
Configure WorkflowGen to use Custom authentication module. Download
CustomAuthModuleSSO.zip
, unzip it, and copy theCustomAuthModuleSSO.dll
file into the following folders:\wfgen\bin
\wfgen\ws\bin
\wfgen\wfapps\webapp\eformaspx\bin
\wfgen\wfapps\webforms\bin
All other
\bin
folders under\wfgen
Alternately, you can install the DLL in the GAC to avoid DLL duplication in the
\bin
subfolders. In this case, you must also install its dependencies (Advantys.My.dll
andAdvantys.Security.dll
) in the GAC.In IIS, change the Authentication configuration. Enable "anonymous" on all IIS applications in the WorkflowGen website:
\wfgen
\wfgen\ws
\wfgen\wfapps\webforms
\wfgen\wfapps\webapps\eformaspx
\wfgen\wfapps\webapps
All other web applications you use in your processes
Note: The subfolders in the
\wfgen\wfapps\webservices
folder must use basic authentication.Create a Visual Studio project to edit the
CustomAuthModuleSSO.cs
file. In the Authentication function, change the following variables according to your tier app:Cookie or Url param name where the username is base64 encoded or encrypted: string
tokenName="token";
Your tier app Login URL to use when an authentication is required: string
ssoLoginUrl="/remotesso.aspx";
The encryption key used to decrypt the token: string
privateKey="mykey";
Activate encryption (true) or use base64 encoding (false) bool
decryptUsername=false;
Tier application configuration
Call WorkflowGen with the token. Your tier app has to encode (or encrypt) the username.
Put the encoded username into a cookie (set to a parent domain), a URL parameter (the token value has to be URL encoded) or an HTTP header (for web service calls).
If a cookie:
http://www.yourwfgwebsite.yourdomain.com/wfgen
If a URL parameter:
http://www.yourwfgwebsite.yourdomain.com/wfgen/?token=........
If you have to call WorkflowGen web services, you must add an HTTP header with the token value.
Manage the authentication request from WorkflowGen.
WorkflowGen calls your tier app login URL when authentication is required (session timeout, sign out, direct access to WorkflowGen).
WorkflowGen adds the
ReturnUrl
parameter to the URL. You must resend it to the login URL you use to call WorkflowGen following authentication.
Examples
WorkflowGen calls your tier app login:
http://www.yourwebsite.youdomain.com/yourlogin?ReturnUrl=%2fwfgen%2fshow.aspx%3fQUERY%3dCONTEXT
Your tier app login calls WorkflowGen login URL:
http://www.yourwfgwebsite.youdomain.com/wfgen/loginsso.aspx?token=YXJuYXVk&ReturnUrl=%2fwfgen%2fshow.aspx%3fQUERY%3dCONTEXT
Manage the sign out request done by the tier app to log out the user in WorkflowGen.
Your tier app login calls WorkflowGen login URL with the
signout=true
querystring parameterhttp://www.yourwfgwebsite.youdomain.com/wfgen/loginsso.aspx?signout=true
You can customize the
loginsso.aspx
source to manage the redirection the way you want in this case.
Encryption Method
The example provided supports base64 encoding or encryption. For the encryption option, loginsso.aspx
uses 3DES mode ECB with MD5 to hash the private key by default. You can customize the loginsso.aspx
code according to your requirements.
PHP code example
Sample code for an HTTP module
Overview
This sample is an HTTP module that uses HTTP authentication. You must insert your own method to authenticate users.
For more information about Custom HTTP module development, please refer to the .NET documentation.
Source code
Last updated