Web Services: Integrated Authentication and Internal Access Only

Web Services: Integrated Authentication and Internal Access Only

  
Please explain how to use the following two functions....Integrated Authentication and Internal Access Only
(its not clear how it works or how it can be used)
 
1) Integrated Authentication 
When your Web Service has the Integrated Authentication property set to Yes it means that, while processing the request, the OutSystems application always asks the Web Service client for its credentials.
 
2) Internal Access Only
Usually the Integrated Authentication property is not used stand-alone and you may need to use the integrated authentication actions and the permission area actions.
 
 
Hi Robert, the Integrated Authentication in webservices works just as in web screens - if it is set to "Yes", this means that the execution can only be done by a client that is authenticated with Windows Network Credentials. If the client is not authenticated, a security exception will be thrown. If the client is authenticated, you will have access to the identification of the client in the OutSystems application by using the IntegratedSecurityCheckRole and IntegratedSecurityGetDetails built in actions.

The Internal Access Only means that only clients with IP address registered as "internal" in your OutSystems installation can access the web service. The IP addresses that are considered as internal in an OutSystems installation are defined in the OutSystems Configuration Tool.



Kind Regards,

Daniel Lourenço
OutSystems 

Hello Daniel

Integrated Authentication in webservices works just as in web screens - if it is set to "Yes", this means that the execution can only be done by a client that is authenticated with Windows Network Credentials. 

Can you use enterprise manager/permission area for authentication? 



Is the "Internal Access Only" feature available to all outsystems editions?
Hi Robert, the Enterprise Manager does include support for Windows Integrated Authentication. You have the ability to configure at the user level or even at the whole Enterprise Manager level the type of authentications that you want to apply.

When a user is authenticated with Windows Integrated Authentication, the login flow is the following:
  1. The (still anonymous) user tries to access a page in the OutSystems platform - a security exception is thrown;
  2. The security exception automatically redirects the user to the Enterprise Manager Integrated Authentication page:
    1. If the user is not authenticated in the network, a security exception is thrown and he will get a "no permissions" page;
    2. If the user is authenticated in the network, he will successfully pass this stage - his network credentials will be availalble in the OutSystems platform and the automatic login flow will proceed;
  3. The Enterprise Manager will look for the user Windows Network username in the internal Enterprise Manager user database:
    1. If the user does not exist in Enterprise Manager (it is the first time he tries to login), a user is created with that username;
    2. If the user already exists in Enterprise manager, the user is automatically logged-in and all its runtime permissions and roles granted;
  4. The user is redirected to the original page he requested - normal security validation is done once more, but now with the user authenticated and all his runtime permissions in place.
The Enterprise Manager Windows Integrated Authentication is not availalble in the Community and Basic editions of the OutSystems platform - see the detailed features at http://www.outsystems.com/agile-platform-editions .

I believe the Internal Access only feature is available on all platform editions - did you find any limitation?

Kind Regards,

Daniel Lourenço
OutSystems