05-20-2016 02:58 AM
With the Geospatial SDI Security Console is it possible to
05-24-2016 03:44 PM
a) Password to access Security Console -- not aware of this feature, perhaps development should chime in.
Since the Security Console prompts for an authorization bridge service, a password for Security Console may be unnecessary IF the authorization bridge service is secured ??
b) secure the authorization bridge service, so that is checks against an AD group? -- I see an <authentication> section in web.config:
<!-- The <authentication> section enables configuration of the security authentication mode used by ASP.NET to identify an incoming user. --> <authentication mode="Windows"/>
And security mode for AuthorizationBridgeBinding:
<bindings> <wsHttpBinding> <binding name="AuthorizationBridgeBinding"> <security mode="None"/> </binding> </wsHttpBinding> </bindings>
Again, need development input here.
c) & d) --> Auditing -- sounds like Enhancement Request.
06-02-2016 08:15 AM
None of this are available out of the box.
The security console has no provision for authentication. It might be possible to use the current logged on user credentials by configuring both ends (security console as client, authorization bridge as service) in the appropriate WCF sections. I don't think anyone ever tried this approach. Even so, the security console would then only display a "can't connect" message, without giving specific information as to the reason being unauthorized.
A very dirty approach at limiting who can run the security console would be using standard windows file permissions
No history logging is available in the authorization bridge but it seems to be actually a valid enhancement.