Configuring DSS Web.config for Run-Time Authentication (RTA)

Run-Time Authentication (RTA) is installed by default and configured for Active Directory (AD) or LDAP authentication. To use these features, first configure RTA according to the following steps.

To configure DSS Web.config:
  1. Navigate to your DSS root directory e.g., [Drive]:[path-to-DSS-root-folder]).
  2. Open Web.config in a text editor.
  3. Find the <runtimeAuthSettings> element, and set the @enabled attribute to true. This enables the default AD plug-in.
  4. Verify that the <runtimeAuthSettings> element within your Web.config is comparable to the following:
    <!-- RuntimeAuth Settings -->
    <runtimeAuthSettings enabled="false" allowMediaStreamingInProtectedFolders="false"
        allowedRequestIPs="" auth_backgroundAuthentication="false"
        auth_failureMessage="Authentication Failed. Invalid User Name or Password."
        auth_passwordFieldName="pass" auth_userFieldName="user" authenticationPageList="x191.xml"
        binaryDownloadPage="" forbiddenFolders="settings" forbiddenFoldersResponsePage="x13.xml"
        homePage="x11.xml" loginHandlerPageMockup="login" loginPagePath="x192.xml"
        logoutHandlerPageMockup="logout" protectedBinaryFolders="documents/secured"
            <add name="ADAuthPlugin.dll"/>
    Both AD and LDAP rely on the ADAuthPlugin.dll.
  5. Optional: You can configure the following attributes in the <runtimeAuthSettings> element:
    @enabledMust be set to true. Determines if RTA is turned on.
    @allowMediaStreamingInProtectedFoldersIf set to true, enables the publishing of streaming media resources in protected folders.
    @allowedRequestIPsThe list of IP addresses allowed to request session data from the CMS. Use this when securely integrating third-party applications with RTA.
    @auth_backgroundAuthenticationIf set to true, enables background authentication and causes RTA to validate session details against external SSO (single sign-on) locations.
    @auth_failureMessage The error message displays to users whose credentials cannot be authenticated.
    @auth_passwordFieldNameConfiguration for the login form field name. If unspecified, uses the default password value.
    @auth_userFieldNameConfiguration for the username form field name. If unspecified, uses the default username value.
    @binaryDownloadPageThe xID or URL that specifies the page to which users should be redirected when requesting to download a protected media item.
    @forbiddenFoldersThe website folders to which access is always forbidden, regardless of the user's authentication status. Typically includes the settings and StyleSheets directories.
    @forbiddenFoldersResponsePageThe xID or URL of the pages to which users are directed when their credentials cannot be authenticated.
    @homePageThe xID of the home page.
    @loginHandlerPageMockupThe URL for logging in users. If unspecified, uses the default login.ashx value.
    @authenticationPageListThe xID that contains the list of pages that require authentication.
    @loginPagePathThe xID.xml of the login page that displays when users attempt to access protected pages.
    @logoutHandlerPageMockupThe URL for logging out users. If unspecified, uses the default logout.ashx value.
    @protectedBinaryFoldersThe list of website folders that require authentication for access. Defined folders have their contents protected. Typically, use this to authenticate access to asset folders.
    @redirectionQueryStringNameThe name of the redirection query string.
  6. Save and close Web.config.

Next Steps: Set up page types for RTA.