Carousel: Using authenticated web sites for RSS, web page snapshots

By JJ Parker | Published: January 30, 2009

We have a few customers who would like to display web content in Carousel that is protected by Windows Authentication. This means that if you go the web site it asks you to log in with your user name and password, if you are logged into windows with your domain account then it will authenticate you without prompting.

**We can’t officially support the following configuration. There are so many variables that it would drive our support guys crazy, and we’re not in the position to adjust the security settings of your machines/network/domain. Use this at your own risk!**

Basically what we need to do is run both the Carousel web server and the Carousel service as a user account that can automatically authenticate with the web sites you want to display.

**This is a all or nothing kind of authentication, so all protected web sites you use with Carousel will use this single user name for authentication. You can not set different credentials for each site.**

We will have to configure the following:

  • Create/know the user we want to authenticate as
  • Set IIS to use our account
  • Set that account’s permissions
  • Set Carousel to use our account
  • Give login rights to the SQL server
**This only works in Windows 2003 Server, so that means Carousel Pro or Enterprise. It will not work on Carousel Solo’s!**

When we make a web snapshot to a protected web site it will look like this:

Auth1

Now we will create a user that can visit our TopSecret website and give them IIS_WPG group access:

Auth2
Auth3

Now we will set the IIS Application Pool to use our SecretAgent user:

Auth4

Then we can set the Carousel service too:

Auth5

Now we can see that our 2 service are running under our SecretAgent context:

Auth6

Now we can give our user access to the TRMS databases with SQL Server Management Studio:

Auth8

Auth9

And now the final test!

Auth7

We can now see the protected web site in Carousel.

Now this is all about setting Windows permissions on standard Windows components. So this is not a Carousel configuration as much as it is a Windows configuration.

This entry was posted in Carousel, Guides. Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.

3 Comments

  1. Alan Bruce
    Posted August 18, 2009 at 10:37 am | Permalink

    Hello JJ,
    Thanks for the info. We only have the solo player. Is there a way to set this up on the solo player by chance?
    Thanks,
    Alan

  2. JJ Parker
    Posted August 27, 2009 at 3:14 pm | Permalink

    Hey Alan, the solo uses Windows XP, so I *think* you can run the web server as another user by setting it up in IIS:
    In Computer Management
    Get properties of the Default Web Site
    Click Directory Security tab
    Edit Anonymous access and authentication control
    Set Anonymous access to use your ‘SecretAgent’ user

  3. AlanBruce
    Posted September 3, 2009 at 9:04 am | Permalink

    Thanks JJ. I set this up and am still getting an access is denied due to credentials. We are trying to access a sharepoint page that is located on our internal network. While logged in to the carousel player itself I am able to access the sharepoint page with the ‘SecretAgent’ but when I try to set up a slide, the preview states access is denied. I am guessing that there is a service that Carousel runs with a local account that is causing the access is denied?? Thoughts?

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>