12-08-2017 01:27 PM
Is it possible to configure a WFS-T feature so that windows integrated security is used to determine whether the user has sufficient privileges to edit the database? Tried to configure the SQL Server connection in Publisher Administrator as Read-Write with Trusted_Connection=Yes and the IIS Application Directory has Windows Authentication enabled. No luck so far. Am I missing something?
12-10-2017 02:18 PM
It is the 'GeoMedia WebMap' local windows service that is connecting to SQL Server warehouse, not the IIS user.
The 'GeoMedia WebMap' local windows service runs under a single predefined account for all WebMap requests to source warehouses.
So if you wanted to use Trusted_Connection=Yes you would have to change the 'GeoMedia WebMap' from local system account to a domain user account as the local system account is unlikely to have login privilages to SQL Server. You may also need to update the dcom configuration for it to work - see
GeoMedia WebMap Installation Guide > Setting Default COM Security
All users accessing the WFS-t service effectively connect as the 'GeoMedia WebMap' login account. The IIS user connecting makes no difference except to determine if the user has access to the WFS service in the first place.
Some options (others might have more)
12-12-2017 01:32 PM
Hit the wall with trying to set up a WFS-T with access permissions defined by an active directory group. It seems I can't access the WFS-T service without including Anonymous Authentication enabled. Once I establish a connection I try to use ".NET Authorization Rules" to set an allow rule for a specific user or an AD group with no success. Is there a specific set of instructions available for setting this up?
12-12-2017 07:23 PM
Following is for basic authentication. You will likely need to tweak depending on type of authentication and SSL settings etc.
I also noticed this is in the developer forums - should probably be in the general discussions forums.
Most of the above is not specific to Hexagon Geospatial WMS/WFS etc - you can google some of the above keywords to get variations to the settings.
12-13-2017 08:23 AM
Thank you for the response. I should have stated that I'm only interested in Windows Authentication without SSL because this is an Intranet application. Is it possible to run a WFS-T server under Windows Authentication? I am having no luck at all unless Anonymous is allowed.
12-13-2017 10:58 AM
I have not run up windows authentication for quite a while and don't have operational notes readily availalbe.
Googling iis windows authentication web.config webHttpBinding gives some options.
<transport clientCredentialType="Windows" />
12-13-2017 12:59 PM
Well that seemed to work. Now I get a logon screen everytime I want to connect to the service. Shouldn't integrated security do this automatically? That's kind of the point of it :-)