Overview
This section details the different methods to authenticate WorkflowGen users, which are:
Integrated Windows authentication (ensured by IIS)
IIS HTTP Basic authentication (ensured by IIS)
WorkflowGen HTTP Basic authentication (ensured by HttpModule)
Custom HTTP Basic authentication (ensured by HttpModule)
Form authentication (ensured by .NET)
Choose one of these according to your needs, and apply the required settings to implement it with your WorkflowGen instance.
Which authentication mode to choose?
If you don’t know which authentication mode to choose, follow the procedures below based on your situation:
If all WorkflowGen users are managed in Active Directories, which is accessible from the web server hosting WorkflowGen, then you can choose one of these authentication modes:
Integrated Windows authentication (ensured by IIS)
IIS HTTP Basic authentication (ensured by IIS)
If item 1 above applies to your situation, and you want to provide transparent authentication by using the current Windows session of the users, choose the following authentication mode:
Integrated Windows authentication (ensured by IIS)
If item 1 above does not apply to your situation, and all WorkflowGen users are managed in an external application such a database or authenticated by a SSO solution, choose one of these authentication modes:
Custom HTTP Basic authentication (ensured by HttpModule)
Form authentication (ensured by .NET)
If neither item 1 nor item 3 applies to your situation because you do not have any directory or other authentication solutions, you can choose only the following authentication mode:
WorkflowGen HTTP Basic authentication (ensured by HttpModule)
Note: For all HTTP basic and form authentication modes, it is strongly recommended to use SSL because passwords are not encrypted.
Authentication methods
Integrated Windows authentication
IIS and WorkflowGen settings
Open the WorkflowGen Configuration panel. In the Authentication section on the General tab, select IIS mode.
Enable Integrated Windows authentication access on the WorkflowGen website and disable all built-in access mechanisms. Apply this setting on all sub-applications except the
graphql
andws
applications.
IIS HTTP basic authentication
IIS and WorkflowGen settings
Open the WorkflowGen Configuration panel. In the Authentication section on the General tab, select IIS mode.
Enable Basic authentication access on the WorkflowGen website and disable all built-in access mechanisms. Apply this setting to all sub-applications.
WorkflowGen HTTP basic authentication
IIS and WorkflowGen settings
To use WorkflowGen authentication, ensure that the directories have the Passwords are managed by WorkflowGen option selected, which allows you to set up a password for each user. Ensure that your current user has a WorkflowGen password associated with it, or you will be locked out.
Open the WorkflowGen Configuration panel and change the settings in the Authentication section on the General tab as follows:
Set Mode to WorkflowGen.
Choose your password management mode: Version 5 uses the same password management mode as earlier versions of WorkflowGen, while One-way Hashing stores hashed account passwords in the WorkflowGen database, which provides enhanced security.
Set the maximum number of failed login attempts before a user’s account is locked.
Set the minimum number of characters for a password.
In IIS, enable anonymous access on the WorkflowGen website and disable all built-in access mechanisms. Apply this setting to all sub-applications.
The "Advantys.My.dll" and "Advantys.Security.dll" assemblies must be copied to the \bin folders of your web forms. Your web services must continue to use Basic or Integrated Authentication.
If you are using IIS 7 and above using an application pool in Classic Managed Pipeline Mode, the following will be added to your "\wfgen\web.config":
If you are using IIS 7 and above using an application pool in Integrated Managed Pipeline Mode, the following will be added to your "\wfgen\web.config":
Custom HTTP basic authentication
IIS and WorkflowGen settings
Modify the sample code to validate the credentials passed over HTTP Basic against the external configuration repository.
Build your module and copy the assembly DLL into the \wfgen\bin and \wfgen\wfapps\webforms\bin folders.
Your assembly DLL must be copied to all \bin folders of your web forms. Your web services can use Basic or Integrated authentication, or your custom HTTP Module.
Open the WorkflowGen Configuration panel and change the settings in the Authentication section as follows:
Set Mode to Applicative.
Set Method to Custom.
Enter the name of the HTTP Module.
Enable anonymous access on the WorkflowGen website and disable all built-in access mechanisms. Apply this setting on all sub-applications.
If you are using IIS 7 and above using an application pool in Classic Managed Pipeline Mode, the following will be added to your "\wfgen\web.config":
If you are using IIS 7 and above using an application pool in Integrated Managed Pipeline Mode, the following will be added to your "\wfgen\web.config":
Form authentication
IIS and WorkflowGen settings
Modify the "login.aspx" code to validate the credentials passed over HTTP Basic against the external configuration repository. If you don’t have any external configuration repository, you can add users directly in the web.config of WorkflowGen (refer to the .NET documentation).
The "login.aspx" file must be copied to all of your webforms folders. This should only be applied to webforms. Web services must continue to use either Basic or Integrated authentication and therefore the "login.aspx" page cannot be used for them.
In the WorkflowGen web.config, register the authentication form:
Set the authentication to Windows for each WorkflowGen WebService application "web.config" file and reset the security settings to Basic or Integrated in IIS for these folders.
Enable anonymous access on the WorkflowGen website and disable all built-in access mechanisms. Apply this setting on all sub-applications.
HTTPS: Using SSL with WorkflowGen
Overview
This section describes how to configure WorkflowGen to use SSL connection security level on the website.
IIS configuration
Activate SSL authentication for your WorkflowGen website.
Application parameters to update
You must update the following parameter in the WorkflowGen configuration (click on the Configuration panel from the Administration Module home page):
Web application URL: you must update the protocol of the base URL of the application to "https://".
Links to WorkflowGen
Change the links to WorkflowGen to use "https://" instead of "http://".
Cross-origin resource sharing (CORS)
Add the
cors
node with the list of external domains and their methods and headers (where HTTP requests will be allowed) to the WorkflowGen web configuration settings (located in\wfgen\web.config
). See some common examples below.
📌 Example 1: Allow all origins
📌 Example 2: Allow specific origins
Last updated