We have a few customers who would like to display web content in Carousel that is protected by Windows Authentication. This means that if you go the web site it asks you to log in with your user name and password, if you are logged into windows with your domain account then it will authenticate you without prompting.
Basically what we need to do is run both the Carousel web server and the Carousel service as a user account that can automatically authenticate with the web sites you want to display.
We will have to configure the following:
- Create/know the user we want to authenticate as
- Set IIS to use our account
- Set that account’s permissions
- Set Carousel to use our account
- Give login rights to the SQL server
When we make a web snapshot to a protected web site it will look like this:
Now we will create a user that can visit our TopSecret website and give them IIS_WPG group access:
Now we will set the IIS Application Pool to use our SecretAgent user:
Then we can set the Carousel service too:
Now we can see that our 2 service are running under our SecretAgent context:
Now we can give our user access to the TRMS databases with SQL Server Management Studio:
And now the final test!
We can now see the protected web site in Carousel.
Now this is all about setting Windows permissions on standard Windows components. So this is not a Carousel configuration as much as it is a Windows configuration.
5 Comments
Hello JJ,
Thanks for the info. We only have the solo player. Is there a way to set this up on the solo player by chance?
Thanks,
Alan
Hey Alan, the solo uses Windows XP, so I *think* you can run the web server as another user by setting it up in IIS:
In Computer Management
Get properties of the Default Web Site
Click Directory Security tab
Edit Anonymous access and authentication control
Set Anonymous access to use your ‘SecretAgent’ user
Thanks JJ. I set this up and am still getting an access is denied due to credentials. We are trying to access a sharepoint page that is located on our internal network. While logged in to the carousel player itself I am able to access the sharepoint page with the ‘SecretAgent’ but when I try to set up a slide, the preview states access is denied. I am guessing that there is a service that Carousel runs with a local account that is causing the access is denied?? Thoughts?
Does the server need to be bounced after making these changes? I have done as instructed and restarted the services but it still doesn’t work.
Jeremy, what kind of bulletin are you trying to use? We did add authenticated RSS feeds Carousel recently but web page snapshots would still require this goofyness.