Impersonation Failed. error
Man, this forum software totally garbled my message which had example Web.config tags presented. It clearly thought it was all supposed to be HTML. So I've replaced them all with parens, hope that's not too confusing. And the Add Tags popup is always in my face in IE, I wish I could make that go away...
At any rate, here's a second attempt at a post:
So I'm trying to get the Custom Authentication SDK example working. I've traced through the code and it all seems to be executing properly, but the final call to
CustomAuthenticator.CreateIdentity(userName) is returning an IIdentity with IsAuthenticated set to FALSE. The user is correct, the token is correct, it all seems to be working as designed, but it fails to login.
I've insured the SpotfireWeb site in IIS is configured with all auth options DISABLED except Anonymous. The Spotfire Server config has Impersonation Enabled set to YES, and I've rebooted the entire machine. And the Web Server web config has the (deny tag commented out, the (impersonation enabled tag set to true, the (customauthenticator tag added, and the ImpersonationUserName and ImpersonatorPassword settings set (I presume the password is in clear text here? If not, then what?). Both parts of the example code are executing, the site that gets the initial token and passes it to the SpotfireWeb, and the extension DLL that's been added to the SpotfireWeb and it's Web.config, and it seems to be doing everything that it's supposed to do. But checking the result IIDentity object returned from CreateIdentity, I get the following:
SpotfireIdentity: (username), IsAuthenticated False, AllowPreAuthenticate True, Authentication Type = Basic.
It's that last one that looks suspicious, but Basic authentication is DISABLED in IIS, so I'm not sure where it's getting this "Basic" setting...
The site was formerly configured for Forms authentication, and the Web.config has this in it:
(authentication serverUrl="http://(ip_address):8080" enableAutocomplete="false")
Is that supposed to be removed? I didn't configure it originally.
I also see under (system.web) the definitions:
(authentication mode="Windows") (forms loginUrl="~/Login.aspx" cookieless="UseCookies" defaultUrl="~/Default.aspx" slidingExpiration="true" timeout="525600" /)
Though I see the (authentication mode="Forms") tag is commented out, which was already done in the config file. Do either of these above options need to be changed or removed?
The string "basic" does not appear in the Web.config file at all, though there is this tag early on, in the (section group with a name of Spotfire.dxp.web:
(section name="authentication" type="Spotfire.Dxp.Web.Configuration.AuthenticationSection, Spotfire.Dxp.Web" requirePermission="false" /)
There must be some config option missing or wrong, but I have no idea what might cause the CreateIdentity call to come back with IsAuthenticated=False. I've created a Spotfire user and added him to the Spotfire Impersonator group, as well as the admin group and a few others, and had verified he can login to Spotfire back when the setup was configured for Forms auth, so I know the user & his creds should be good, and that's what's in the Web Config for ImpersonationUser & pw...
Any ideas what I might be missing?