Solution

HCL Notes/Domino 8.5 Forum (includes Notes Traveler)

Subject:

Solution

In case anyone is interested, I managed to find a solution for this. In the end, I didn't use the Websphere plugin (IBM confirmed that it doesn't provide Forms authentication). I wrote an asp.net form that requested the page from Domino (passing a Domino URL to the asp.net form in the querystring).

I modified the NOTES.INI on the Domino server to have the following setting:

HTTPEnableConnectorHeaders=1

This reduces the security of the HTTP task and hence I modified the HTTP task settings so that it would only accept requests from the IIS server. As extra security, I also modified the firewall settings so that ports 80 and 443 would only accept connections from the IIS server.

This means that the web-site's forms authentication provides the security layer I require.

The ASP.NET form fetches the required page from Domino passing a header $WSRU with the user ID value. This user ID is the forms authentication user name.

The ACL on any databases accessed by IIS on Domino must include either the full user name or the group "-WebPreAuthenticated-" (the minus signs are required).

For example, say the ASP.NET user name is fbloggs, you will need a person document with a short name of fbloggs, perhaps with a full name of Fred Bloggs/ou1/ou2/org.

The ACL will need either Fred Bloggs/ou1/ou2/org explicitly listed or in a group if you wish for Domino to resolve the user ID into the user's full name (perhaps by using @UserName in any formulae).

This works surprising well. Should you need the ASP.NET code, please post a response to this thread and I'll email it to you.

Feedback response number WEBB8KNBXB created by ~Olga Zekfanamaroopsi on 08/12/2011

Return to top

IIS Forms authentication and Domino... (~Olga Zekfanama... 15.Jul.11)

. . Solution (~Olga Zekfanama... 12.Aug.11)

Printer-friendly

Search this forum

Member Tools

RSS Feeds

RSS feeds

	All forum posts RSS
	All main topics RSS