1. NiceLabel Help Center
  2. Web Printing Installation
  3. Authentication

Authentication

Information in this chapter relates to changes in the web.config configuration file for the Web Printing site.

Note

If you don't change the path in the installer, the default web.config file location is c:\Program Files\NiceLabel\NiceLabel Web Printing\Web\.

Token-based authentication

When the existing Web application tries to use the print engine within Web Printing, it must first authenticate itself. Token-based authentication does not require any user data to be exposed in the URL.

The existing Web application calls for an authentication service, passing the user name and password as parameters only once. The response is a time-limited token. The token is used in the query parameter when communicating with Web Printing, so that it becomes known which solution file (.NSLN) must be used.

The Web Service IntegrationService supports the GetLoginToken method. This method accepts user name and password as the inbound parameters and provides token (GUID) as the outbound parameter.

Web Service

http://server/PowerFormsWeb/AuthenticationService/IntegrationService.asmx

Method

public string GetLoginToken(string username, string password)

Workflow that must be implemented at your end:

  1. The calling application passes the login data (user name, password) by calling the Web Service.

  2. The web service remembers the information.

  3. The web service returns the token to the calling application, identifying the current session.

  4. The calling application loads the solution by referring to the returned token (GUID) that is available in the URL query string:

    http://server/PowerFormsWeb/default.aspx?logintoken=1351ED23-9C74-411C-C887-40234952A116

    This is where you replace server with the name of your server, and PowerFormsWeb with the exact location at which you have installed Web Printing, and 1351ED23-9C74-411C-C887-40234952A116 with the token you have received from the authentication service.

  5. Web Printing provides the solution file that has been assigned to the provided user name.

  6. After the successful login, the token is invalidated and cannot be used again.

Forms authentication

Web Printing site uses native user authentication by default (Forms authentication). This authentication mode uses the user names for Web Clients as defined in the Control Center.

After opening the Web Printing site, the user is asked for his user name and password. Both are verified against the Web Printing user configuration in the Control Center. If authentication is successful, the user’s solution opens.

If you want to omit the display of the Login screen, you can force a specific user using parameters in the query string in the URL. In this case, the user has already logged in to some other application that has Web printing site embedded. The existing application will provide the user’s username/password in the query string, as shown in the following example.

Web Printing site opens using URL, such as:

http://server/PowerFormsWeb/default.aspx?UserName=<username>&Password=<password>

Where the <username> is the name of the Web Client and the <password> is a password of the same user account as defined in Control Center. If the listed user exists, the solution defined for the user account opens.

With the default installation of the Web Printing site, the <password> is formatted as plain text. To protect the password, you can enable the Advanced Encryption Standard (AES) and encrypt the password in the query string.

To enable password encryption, do the following:

  1. Open web.config in a text editor.

  2. Navigate to the section <appSettings></appSettings> and insert the following two keys:

    <configuration>
<appSettings>
<add key="PasswordKey" value="passwordkey" />
</appSettings>

  3. Enter values for the fields passwordkey (password key) and paswordiv (password initialization vector). The password key length ranges from 16 to 32 characters, initialization vector length must be set to 16 characters.

  4. passwordkey and paswordiv field values decrypt the encrypted password provided in the query string. If the decrypted password matches the user name and password as defined for the Web Printing user in the Control Center, the associated solution loads.

For testing purposes of encrypting and decrypting the password, you can use the application PasswordGenerator.exe that you can find on NiceLabel DVD in the folder \Utility\AES Password Encrypter.

For example, the user test uses a password veryhardtoguess. The URL would be formed as

http://<server>/PowerFormsWeb/default.aspx?UserName=test&Password=uEe6X5Cy9Xjhad2PmKlowg%3d%3d

Note

The passwordkey and passwordiv parameters define the actual password encryption algorithm. Different combinations of these parameters result in differently encrypted passwords.

Windows authentication

If the Web Printing site is embedded in a different Web page, user authentication has in most cases already been done in that Web application using Windows authentication. In such cases, the default behavior of the Web Printing site can be changed to inherit the previously provided authentication.

When a user accesses the Web printing site from within the enterprise (inside the domain), Windows authentication can be used. In this case, the user is automatically identified by his Windows account, and no additional login is necessary.

To change the authentication mode on your system, modify the following settings:

  1. Change the system.web/authentication in the web.config file. The web.config file is located in the Web site root folder. This action sets the authentication to the correct mode.

    • Setting before change: <authentication mode="Forms"/>

    • Setting after change: <authentication mode="Windows"/>

  2. Change the system.web/authorization in web.config file. The web.config file is located in the Web site root folder. This allows all users to access this site.

    • Setting before change: <deny users="?"/>

    • Setting after change: <allow users="*" />

  3. Open IIS manager and navigate to Sites/Default Web Site/PowerFormsWeb. Open the Configuration Editor and complete the following steps:

    Step 1: Select Unlock Section for:

    • Section set: system.webServer/security/authentication/windowsAuthentication.

    • From set: ApplicationHost.Config <location path='Default Web Site/PowerFormsWeb' />.

    Step 2: Change Enabled option from False to True for:

    • Section set: system.webServer/security/authentication/windowsAuthentication.

    • From set: Default Web Site/PowerFormsWeb Web.Config.

    WPIG20193_windows_authentication_IIS_config.png

After you enable Windows authentication in Web Printing, user authentication is no longer done inside Web Printing, but within the Web server (IIS).

Furthermore, logon options can be also configured using Internet Properties for the Local Intranet Zone:

  • Automatic logon options: Browser forwards the credentials of the currently logged-in user to the Web server. The user is logged-in automatically.

  • Prompt for user name and password: Browser does not forward the credentials of the currently logged-in user. The user has to re-enter username and password.

windows authentication-browser settngs.png