How to change authentication of an existing Microsoft Dynamics AX 4.0 Enterprise Portal (EP) site to use IIS Basic Authentication


We came across a request recently where we had an Internet-facing AX 4.0 Enterprise Portal (EP) set up already with SSL and using Windows Authentication, running on Windows Server 2003 R2 SP2 (x86). The customer requirement was to use Basic Authentication with SSL instead and also not have to specify the domain name in the user credentials when authenticating with EP (i.e., instead of typing domainname\username, just be able to specify username).


As stated in the AX 4.0 setup guides (http://msdn.microsoft.com/en-us/library/aa834430(AX.10).aspx), when using SSL you can use Basic Authentication for Internet-facing Enterprise Portal sites. To set up Basic Authentication on a site that is already protected with SSL, do the following:


1. Click Start, point to Administrative Tools, and then click SharePoint 3.0 Central Administration.


2. Click the Application Management tab. Then, click Authentication providers under Application Security on the Application Management page.


3. On the Authentication Providers page, click the down arrow in the Web Application box, click Change Web Application, and then click the Web application that you want to configure.


4. Under Membership Provider Name, click Windows. Then, in the IIS Authentication Settings area of the Edit Authentication page, click to clear the Integrated Authentication checkbox.


5. Click to select the Basic authentication (password is sent in clear text) check box and Anonymous Authentication checkbox.


6. Open IIS Manager.


7. Go to the Web site on which Enterprise Portal was created.


8. Right-click the site and select “Properties”.


9. Go to the Directory Security tab.


10. Under Authentication and access control, click the “Edit” button.


11. Uncheck “Integrated Windows Authentication”.


12. Check Basic authentication (password is sent in clear text) and select Default domain (Active Directory Domain) and Realm. After this action, you should be able to log in with just your username and password without having to specify the domain name. Please note that when using Basic Authentication, you cannot use Internet Explorer to automatically log you on with your logged-on credentials. You will get an authentication prompt each time you access the site.


Please note: We do NOT recommend using Basic Authentication without first taking steps to protect the site adequately with SSL. Secure Sockets Layer (SSL) is a protocol that allows Web servers and clients to communicate more securely through the use of encryption. When SSL is not used, data sent between the client and server is vulnerable to observation by anyone with physical access to the network. To implement SSL, you must install a certificate and a private encryption key on the Web server. For more information about implementing SSL, refer to: 



  • IIS Operations Guide (which can be found by searching on TechNet)

  • Knowledge Base article 298805
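
A post-change check for the procedure and the SSL note above, added here as an example and not part of the original post: it reads the status code and `WWW-Authenticate` headers returned by an endpoint and flags Basic offered over plain HTTP, Basic missing on HTTPS, or Integrated Windows Authentication still being offered. The host names, realm and captured headers are constructed samples, and the parser assumes one scheme per `WWW-Authenticate` header line.

```python
import re

# Constructed captures of (status, response headers); hosts and realm are placeholders.
SAMPLES = {
    "https://ep.example.com/": (401, [("WWW-Authenticate", 'Basic realm="EXAMPLE"')]),
    "http://ep.example.com/": (403, []),  # SSL required, so no challenge over HTTP
    "http://ep-bad.example.com/": (401, [("WWW-Authenticate", 'Basic realm="EXAMPLE"')]),
    "https://ep-old.example.com/": (401, [("WWW-Authenticate", "Negotiate"),
                                          ("WWW-Authenticate", "NTLM")]),
}

def offered_schemes(headers):
    """Map each offered scheme (lower-cased) to its realm, or None if it has none."""
    schemes = {}
    for name, value in headers:
        parts = value.split(None, 1)
        if name.lower() != "www-authenticate" or not parts:
            continue
        realm = re.search(r'realm="([^"]*)"', value, re.IGNORECASE)
        schemes[parts[0].lower()] = realm.group(1) if realm else None
    return schemes

def audit(url, status, headers):
    """Return a list of finding codes; an empty list means the endpoint looks as intended."""
    schemes = offered_schemes(headers)
    tls = url.lower().startswith("https://")
    findings = []
    if "basic" in schemes and not tls:
        findings.append("BASIC_OVER_PLAIN_HTTP")     # password would be readable on the wire
    if tls and status == 401 and "basic" not in schemes:
        findings.append("BASIC_NOT_OFFERED")         # steps 5 and 12 are not in effect
    if schemes.keys() & {"ntlm", "negotiate"}:
        findings.append("INTEGRATED_STILL_OFFERED")  # steps 4 and 11 are not in effect
    return findings

def audit_all(samples):
    """Audit every captured endpoint and return {url: findings}."""
    return {url: audit(url, status, headers) for url, (status, headers) in samples.items()}

if __name__ == "__main__":
    for url, findings in audit_all(SAMPLES).items():
        print(url, findings or "OK")
```
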

 

Comments (2)

  1. Amit Chauhan says:

    Great post. I tried this out on a test environment, and the login worked fine. However, I get problems when adding User Relations in the AX Client. It seems like the client cannot authenticate with WSS to add the users. Any ideas?

  2. EMEAAXTec says:

    Hello,

    This is a known problem with Dynamics AX 4.0. Sometimes the Dynamics AX client has problems communicating with WSS or Microsoft SharePoint Office Server. In Dynamics AX 2009 the tab 'Web sites' has been removed. So the easier way to work around this will be just adding users directly from the Enterprise Portal SharePoint site. You can just go to 'Site Actions' -> 'Site Settings' and then from the 'Users and Permissions' group select 'People and groups', and then you can add the needed users / groups.

    Of course, each of the users who has access to the Enterprise Portal site should also be assigned to the correct Dynamics AX group.

    Kind regards

    Czesława Langowska

    (Member of the EMEA Dynamics AX Support Blog Team)