Run-Time Authentication (RTA) is installed by default and configured for Active Directory (AD) or LDAP authentication. To use these features, first configure RTA according to the following steps.

To configure DSS Web.config:

1. Navigate to your DSS root directory e.g., [Drive]:[path-to-DSS-root-folder]).
2. Open Web.config in a text editor.
3. Find the runtimeAuthSettings element, and set the enabled attribute to true. This enables the default AD plug-in.
4. Verify that the runtimeAuthSettings element within your Web.config is comparable to the following:

   <!-- RuntimeAuth Settings -->
   <runtimeAuthSettings enabled="false" allowMediaStreamingInProtectedFolders="false"
       allowedRequestIPs="" auth_backgroundAuthentication="false"
       auth_failureMessage="Authentication Failed. Invalid User Name or Password."
       auth_passwordFieldName="pass" auth_userFieldName="user" authenticationPageList="x191.xml"
       binaryDownloadPage="" forbiddenFolders="settings" forbiddenFoldersResponsePage="x13.xml"
       homePage="x11.xml" loginHandlerPageMockup="login" loginPagePath="x192.xml"
       logoutHandlerPageMockup="logout" protectedBinaryFolders="documents/secured"
       redirectionQueryStringName="redir">
       <plugins>
           <add name="ADAuthPlugin.dll"/>
       </plugins>
   </runtimeAuthSettings>
   

   Note: Both AD and LDAP rely on the ADAuthPlugin.dll.

5. Optional: You can configure the following attributes in the runtimeAuthSettings element:

   Attribute	Description
   enabled	Must be set to true. Determines if RTA is turned on.
   allowMediaStreamingInProtectedFolders	If set to true, enables the publishing of streaming media resources in protected folders.
   allowedRequestIPs	The list of IP addresses allowed to request session data from the CMS. Use this when securely integrating third-party applications with RTA.
   auth_backgroundAuthentication	If set to true, enables background authentication and causes RTA to validate session details against external SSO (single sign-on) locations.
   auth_failureMessage	The error message displays to users whose credentials cannot be authenticated.
   auth_passwordFieldName	Configuration for the login form field name. If unspecified, uses the default password value.
   auth_userFieldName	Configuration for the username form field name. If unspecified, uses the default username value.
   binaryDownloadPage	The xID or URL that specifies the page to which users should be redirected when requesting to download a protected media item.
   forbiddenFolders	The website folders to which access is always forbidden, regardless of the user's authentication status. Typically includes the settings and StyleSheets directories.
   forbiddenFoldersResponsePage	The xID or URL of the pages to which users are directed when their credentials cannot be authenticated.
   homePage	The xID of the home page.
   loginHandlerPageMockup	The URL for logging in users. If unspecified, uses the default login.ashx value.
   authenticationPageList	The xID that contains the list of pages that require authentication.
   loginPagePath	The xID.xml of the login page that displays when users attempt to access protected pages.
   logoutHandlerPageMockup	The URL for logging out users. If unspecified, uses the default logout.ashx value.
   protectedBinaryFolders	The list of website folders that require authentication for access. Defined folders have their contents protected. Typically, use this to authenticate access to asset folders.
   redirectionQueryStringName	The name of the redirection query string.

6. Save and close Web.config.

Next Steps: Set up page types for RTA.