SingleSignOn

When running Turnkey in Intraweb scenarios, you will want to use SSO or single sign-on for your authenticated users.

In IIS, do this:

  • AppPool - Managed Pipeline set to Integrated mode
  • Authentication - Disabled: Anonymous Authentication
  • Authentication - Disabled: ASP.NET Impersonation
  • Authentication - Enabled: Windows Authentication

In the MDriven Turnkey web config, do this: THIS IS OLD

<appSettings>      
   ...
   <add key="owin:AutomaticAppStartup" value="false"/>       <-- Add this to stop the turnkey standard OWin
</appSettings>  

Instead of the above (that not only shutsdown owin but also signalR) you add this setting to TurnkeySettings.xml:

<TurnOffOWINButKeepSignalR>true</TurnOffOWINButKeepSignalR>

This is still good:

<system.web>        

  <authentication mode="None" />      <--- remove this line

  <authentication mode="Windows" />         <-- Add this and the lines below
  <authorization>             
      <deny users="?"/>          
  </authorization>          
</system.web>

Tip: Consider adding the modified Web.config.Something to _AssetsTK. This way, it will be available in the Turnkey catalog if it is replaced by Turnkey re-deploy.

This page was edited 150 days ago on 06/17/2024. What links here