NSD1180 How to Install Pledge Enrollment on Microsoft IIS 6.0 Web Server

echinoidqueenServers

Dec 4, 2013


Fact

Nordic Edge One Time Password Server

Nordic Edge Pledge Client

Microsoft IIS 6.0

Situation



This article describes the two different scenarios for enrolling users into the Pledge system:


Self Service

Centralized Administration, typically an IT-service desk

Self service and centralized administration can be configured for single profile or multiple profiles.

When is it necessary to enable multiple profile support?
Multiple profile support should be enabled when end users have more than one device,
for example when a person has two different cellular phones, or uses Pledge on both a
cellular phone and a PC.
Multiple profile support is available from OTP Server version 3 and later.


Prerequisites


Microsoft IIS 6.0

Microsoft .NET Framework 2.0 or later

The Pledge client (available at http://www.securethecloud.com/pledge/downloading-pledge/)

Nordic Edge One Time Password Server, configured for Pledge Enrollment (NSD1172)


A Nordic Edge Pledge Web Services account and password

Download PledgeEnrollment.zip (ver1.4)

Install and Configure the Pledge Enrollment Web Application on IIS 6.0


Follow the installation steps below:


Extract the file “PledgeEnrollment.zip” to an appropriate location on your hard drive, for
instance [drive:]/Inetpub/wwwroot/PledgeEnrollment

Open Internet Information Services (IIS) Manager to add the application to an existing web
site

Right-click an existing Web Site and select New > Virtual Directory…






Click Next >








Enter an Alias

Click Next >










Enter your application path

Click Next >








Set permissions Read, Run script (such as ASP) and Execute (such as ISAPI applications or CGI). 

Click Next >








Click Finish








Now, right-click the Pledge Enrollment Virtual Directory in the IIS Manager and choose Properties

Change the ASP.NET version to 2.0.x






Click OK 

Restart IIS (perform an iisreset from a command line)


Configure Web.config - Configuration File for the Pledge Enrollment Web Application


Open the XML file [drive:]/Inetpub/wwwroot/PledgeEnrollment/Web.config with Notepad.exe or
any other editor. Change the variable values to match your environment.

| Action | Variable | Value | Note |
|---|---|---|---|
| Keep/modify | otpServerHostaddress | "localhost" | The OTP Server IP address |
| Keep/modify | otpServerPortNumber | "3100" | The OTP Server portnumber |
| Keep/modify | attributeContainingOATHKey | "carLicense" | The name of the attribute that contains the Pledge key in the user database |
| Keep | addKeyPrefix | "0x" | Use "0x" for backwards compatible mode with older versions of the OTP Server |
| Keep/modify | multipleProfileSupport | "false" | True enables support for multiple profiles |
| Keep/modify | nativeClientName | "" | Used to communicate the name of a native client to One Time Password Server via a Nordic Edge API. |
| Modify | pledgeWSUserAccount | "pledgeUserAccount" | The Nordic Edge Pledge Factory Web Service user name |
| Modify | pledgeWSUserPassword | "pledgeUserAccountPassword" | The Nordic Edge Pledge Factory Web Service password |
| Keep/modify | groupAttributeName | "memberOf" | The LDAP attribute name that contain the group or role value (memberOf for AD) |
| Keep/modify | supportGroupName | "Domain Admins" | The value of a CN that contains the support group. Must be the CN value |
| Keep/modify | proxyURLport | "" | URL and portnumber to the proxy server, http://proxy.company.com:3128 |
| Keep/modify | proxyUser | "" | Proxy user name (if any) |
| Keep/modify | proxyPassword | "" | Password for the proxy user name |
| Keep/modify | proxyDomain | "" | Proxy domain |



<appSettings>
   <!--OTP Server Configuration-->
   <add key="otpServerHostaddress" value="localhost"/> <!--The OTP server IP address-->
   <add key="otpServerPortNumber" value="3100"/> <!--The OTP Server portnumber-->
   <add key="attributeContainingOATHKey" value="carLicense"/> <!--The name of the attribute that contains the Pledge key in the user database-->
   <add key="addKeyPrefix" value="0x"/> <!--Use 0x for backwards compatible mode with older versions of the OTP Server-->
   <add key="multipleProfileSupport" value="true"/> <!--True enables support for multiple profiles-->
   <add key="nativeClientName" value=""/> <!--Sets the native client name used by the OTP Server-->

   <!--Nordic Edge Pledge Web Services-->
   <add key="pledgeWSUserAccount" value="pledgeFactoryAccount"/> <!--The Nordic Edge Pledge factory Web service user name-->
   <add key="pledgeWSUserPassword" value="pledgeFactoryAccountPassword"/> <!--The Nordic Edge Pledge factory Web service password-->

   <!--Settings for Centralized Administration-->
   <add key="groupAttributeName" value="memberOf"/> <!--The LDAP attribute name that contains the group or role values (memberOf for AD).-->
   <add key="supportGroupName" value="Domain Admins"/> <!--The value of a CN that contains the support group. Must be the CN value-->

   <!--Proxy settings (to be configured if proxy is used)-->
   <add key="proxyURLport" value=""/> <!--Example: value="http://proxy.company.com:3128"-->
   <add key="proxyUser" value=""/> <!--Example: value="proxyadmin"-->
   <add key="proxyPassword" value=""/> <!--Example: value="proxyPassword"-->
   <add key="proxyDomain" value=""/> <!--Example: value="proxyDomain"-->
</appSettings>
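
A pre-deployment check of the settings above, as an added example that is not part of the original article or the Nordic Edge product: it parses the appSettings section and reports keys from the table that are missing, Web Service credentials still at the documentation placeholder values, malformed port or proxy values, and passwords held in clear text. The function name Test-PledgeEnrollmentConfig, the choice of which keys to expect, and the sample configuration are assumptions made for illustration.

```powershell
# Added example: sanity-check the appSettings of a Pledge Enrollment Web.config.
# $sample is constructed for illustration and deliberately contains mistakes.
$sample = @'
<configuration><appSettings>
  <add key="otpServerHostaddress" value="localhost"/>
  <add key="otpServerPortNumber" value="3100"/>
  <add key="attributeContainingOATHKey" value="carLicense"/>
  <add key="addKeyPrefix" value="0x"/>
  <add key="multipleProfileSupport" value="true"/>
  <add key="pledgeWSUserAccount" value="pledgeFactoryAccount"/>
  <add key="pledgeWSUserPassword" value="pledgeFactoryAccountPassword"/>
  <add key="supportGroupName" value="Domain Admins"/>
  <add key="proxyURLport" value="proxy.company.com:3128"/>
  <add key="proxyPassword" value="constructed-secret"/>
</appSettings></configuration>
'@

function Test-PledgeEnrollmentConfig([string]$XmlText) {
    $cfg = @{}; $findings = @()
    foreach ($n in ([xml]$XmlText).SelectNodes('//appSettings/add')) {
        $cfg[$n.GetAttribute('key')] = $n.GetAttribute('value')
    }
    # Keys taken from the table above (proxy keys are optional and checked separately)
    $expected = 'otpServerHostaddress','otpServerPortNumber','attributeContainingOATHKey','addKeyPrefix',
                'multipleProfileSupport','nativeClientName','pledgeWSUserAccount','pledgeWSUserPassword',
                'groupAttributeName','supportGroupName'
    foreach ($k in $expected) { if (-not $cfg.ContainsKey($k)) { $findings += "missing key: $k" } }
    $port = 0
    if ((-not [int]::TryParse($cfg['otpServerPortNumber'], [ref]$port)) -or $port -lt 1 -or $port -gt 65535) {
        $findings += 'otpServerPortNumber is not a valid TCP port'
    }
    if ($cfg['multipleProfileSupport'] -notmatch '^(true|false)$') { $findings += 'multipleProfileSupport must be true or false' }
    # Placeholder credentials exactly as they appear in this article
    $placeholders = 'pledgeUserAccount','pledgeFactoryAccount','pledgeUserAccountPassword','pledgeFactoryAccountPassword'
    foreach ($k in 'pledgeWSUserAccount','pledgeWSUserPassword') {
        if ((-not $cfg[$k]) -or ($placeholders -contains $cfg[$k])) { $findings += "$k is empty or still the documentation placeholder" }
    }
    if ($cfg['proxyURLport']) {
        $uri = $null
        $ok = [Uri]::TryCreate($cfg['proxyURLport'], [UriKind]::Absolute, [ref]$uri)
        if ((-not $ok) -or $uri.Scheme -notmatch '^https?$') { $findings += 'proxyURLport is not an http(s) URL with host and port' }
    }
    if ($cfg['proxyPassword'] -and -not $cfg['proxyUser']) { $findings += 'proxyPassword is set but proxyUser is empty' }
    foreach ($k in 'pledgeWSUserPassword','proxyPassword') {
        if ($cfg[$k]) { $findings += "$k is stored in clear text; restrict read access on Web.config" }
    }
    return $findings
}

Test-PledgeEnrollmentConfig $sample
```

To check a deployed file, pass its content instead of the sample, for example `Test-PledgeEnrollmentConfig (Get-Content <path to Web.config> | Out-String)`.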
  


Language Settings (in Web.config)
In the section below, “en-US” is the selected language.

If culture is set to “sv-SE” and uiCulture to “sv-SE”, the language is set to Swedish.

If culture is set to “Auto” and uiCulture to “Auto”, the language is set by the browser language
settings.
NOTE: If Culture is set to "true", Culture is set by the browser.

 

<system.web>
   <!-- <globalization enableClientBasedCulture="true" culture="Auto" uiCulture="Auto"/> -->
   <!-- <globalization enableClientBasedCulture="true" culture="sv-SE" uiCulture="sv-SE"/> -->
   <globalization enableClientBasedCulture="true" culture="en-US" uiCulture="en-US"/>


 

Run the Pledge Enrollment Application
There are two different pages, one page for self service administration and another page for
centralized administration. The centralized administration page is typically used by persons having
administrator privileges to enroll users into the Pledge system.

To test run the Pledge Enrollment application:



In IIS Manager: Right-click the Enroll.aspx and choose Browse





1. Scenario 1 -  Self Service Enrollment
Users can enroll into the Pledge system with this page when they have been granted write
permission on the LDAP attribute (configured in Web.config) that contains the Pledge key.
Fill in the form with user name and password.
When a user has an old Pledge key (an old profile) and needs a new one, select “Overwrite existing
key”.

Figure: The Enroll.aspx self service page







If multiple profile support is enabled, the following page will appear instead.

Figure: The Enroll.aspx self service page with multiple profile support







Figure: The user self service result page, displaying the user name and the Pledge profile ID







2. Scenario 2 - Centralized Administration
Enter administrator user name and password as well as the “Pledge user name”, which is the user
account name of the person to enroll into the Pledge system.
Figure: The SupportEnroll.aspx administration page








If multiple profile support is enabled, the following page will appear instead.
Figure: The SupportEnroll.aspx administration page (with multiple profile support)








If the logon is successful, a Pledge profile ID is created (see below). 
Note that a new link 'Create another Pledge profile' exists.
Figure: The admin result page displaying the user name and the Pledge profile ID.







Install and Test the Pledge Profile

To install the Pledge Profile:


Launch the Pledge Client

Add a new profile and enter the profile ID

Enter your PIN code (verification needed)

After this is done, the new profile is ready to use.
To verify the Pledge profile ID, use the following test page to generate a One-Time Password from your
Pledge client:




Figure: The Pledge Profile Test page





Related Articles
NSD1172 Configuring One Time Password Server for Pledge Enrollment
NSD1173 Pledge Enrollment for Apache Tomcat
NSD1199 How to install Pledge Enrollment on Microsoft IIS 7.0 Web Server

Revision History


Pledge Enrollment 1.4, rev 4
10th January 2011
- Directory for aspx pages was changed to the root directory instead of the pages directory
- Installation guide now shows adding the application to an existing IIS web site (instead of creating a
new IIS web site)

Pledge Enrollment 1.4, rev 3
23rd December 2010
- Language and terminology corrections have been performed in the application and in
the solution document

Pledge Enrollment 1.4, rev 2
7th December 2010
- Default.aspx added
- Added VerifyUser.aspx. This page helps a service desk to confirm a user by phone. The user gives his
Pledge OTP that can be verified by the Service Desk

Pledge Enrollment 1.4, rev 1
7th November 2010
- Minor change: Improved error handling added

Pledge Enrollment 1.4
20th August 2010
- Multikey support added
- New info images added
- Confirmation boxes added
- Added the option to set a native Client Name (for developers) in the web.config

Pledge Enrollment 1.3
8th April 2010
- Added proxy settings for proxyuser, proxyuser password and proxy domain.
- NordicEdgePledgeEnrollment.dll renamed to NordicEdge.PledgeEnrollment.dll

Pledge Enrollment 1.2
- Version number 1.2 was never used

Pledge Enrollment 1.1
23rd February 2010
- NordicEdgeOTP.dll v. 1.2.2 replaced with v.1.2.3 due to issue with international characters in user
name and password
3rd February 2010
- Error message corrected in SupportEnroll.aspx: The name of the administrator was displayed in the
error message 'Profile  already exist. ' instead of the Pledge user username
18th November 2009
- Proxy functionality added

Pledge Enrollment 1.0
13th November, 2009
- NSD documentation rewritten
- The PDF document Nordic Edge - Pledge Enrollment MS DotNET 1.0.pdf removed

October 2009, initial edition