This document describes the SSRPM web interface. The chapter Installing the Web Interface covers the installation of the SSRPM Web Interface with Microsoft IIS. The chapter Overview covers the pages that are available with the SSRPM Web Interface.
Please note that the Web Interface shipped with SSRPM can be fully customized. Refer to the "COM Object Guide" for a complete description of the SSRPM COM Object used in the Web Interface.
2. Installing the Web Interface
This chapter describes step by step how to install the web interface. This document assumes that IIS is already installed and running. The Web interface is installed in three steps:
1. Installing the SSRPM COM Object. First, the SSRPM COM object must be installed on the machine running IIS.
2. Installing the Web Interface. Second, the Web Interface must be copied to a directory on the machine running IIS.
3. Configuring IIS. Last, IIS must be configured so that the web interface can be accessed.
2.1. Installing the SSRPM COM Object
The Web Interface uses the SSRPM COM Object to access the SSRPM Service. This COM Object must first be registered on the machine running IIS. This chapter will describe in detail how to register the SSRPM COM Object.
1. Copy the SSRPM COM Object to the target machine. The SSRPM COM Object is installed together with the SSRPM Admin Console and can be found in the directory "C:\Program Files\Tools4ever\SSRPM\COM". There are 2 versions of the COM object: 32-bit and 64-bit. Use the 32 bit version for 32-bit operating systems and the 64- bit version for 64-bit operating systems. The name of the files are "SSRPMCOMMT.dll" and "SSRPMCOMMTx64.dll", respectively.
2. Also copy the file 'Register.bat' to the same directory as the SSRPM COM Object.
3. Go to the machine running IIS.
4. Double click on the file 'Register.bat'. This command need to be executed with Administrative rights. If the registration succeeds, the following dialog is displayed:
2.2. Installing the Web Interface
The SSRPM Web Interface is a fully functioning interface that users can use to enroll into SSRPM, reset passwords or unlock accounts. This chapter describes how to install the SSRPM Web Interface on the machine running IIS. If the web interface is also intended to be used by the client (enrollment wizard) you will need to setup 2 separate web interfaces. One with Forms Authentication and one with Windows Authentication. This will be explained later on in this chapter.
You only need the web interface with Windows authentication if you are going to use the enrollment wizard and you want the user to be automatically logged on.
1. The SSRPM Web Interface files are installed together with the SSRPM Admin Console. They can be found in the directory 'C:\Program Files\Tools4ever\SSRPM\Admin Console\Examples\Client Web Interface'. Select all of the files in that directory (including any subdirectories) and copy them to an empty directory on the machine running IIS. The installer also includes the CIV Web Interface which is a interface that the help desk can use to verify the identify of callers. The installation is very similar to the SSRPM web interface, the only notable difference is that web interface requires 'Windows Authentication'.
1. The CIV Web Interface files are installed together with the SSRPM Admin Console. They can be found in the directory 'C:\Program Files\Tools4ever\SSRPM\Admin Console\Examples\CIV Web Interface'. Select all of the files in that directory (including any subdirectories) and copy them to an empty directory on the machine running IIS. There are 2 methods to install the web interface(s).
1. Manually, see chapter: Manual Installation.
2. Using the MSI package, see chaper MSI Installation.
Please note that the web interface by default is configured to connect to the SSRPM Service on the same machine as IIS. This behaviour can be changed by changing the value of the setting "server" in the web.config file.
The system requirements of SSRPM web interface are:
Windows Server 2008 R2
Windows Server 2012
2.2.2. MSI Installation
The file 'SSRPMWebInterfaceSetup.msi' to can be used to install the web interface(s) and can be found in the directory 'C:\Program Files\Tools4ever\SSRPM\Admin Console\'. By default the installation procedure will install 2 web interface (one with forms authentication and 1 with Windows authentication. Optionally, you can also install the Helpdesk Caller Identity Verification (CIV) web interface. It will create new web interface entries in IIS, SSRPM_FA for forms authentication, SSRPM_WA for Windows authentication and/or SSRPM_CIV for the helpdesk CIV web interface. By default they will listen to the ports 80, 81, 800, respectively. During the installation procedure you can specify the location of SSRPM server the port. It also enables/disables the appropriate authentication methods. After the installation you will still need to configure site to use SSL as well as any other settings you wish to change (such as the CAPTCHA).
2.2.3. Manual Installation
This section will help you install IIS on the machine.
1. Go to 'Administative Tools' and click on 'Server Manager'. This will open the following dialog:
2. Click on 'Add Roles and Features' to start the Add Roles and Features wizard.
3. Click on 'Next' to navigate to 'Server Roles'. Expand 'Web Server (IIS) and select the options 'ASP.NET 4.5'
under 'Application Development'. If you check 'ASP.NET 4.5' you will be shown the 'Add role services required for ASP.NET 4.5' dialog, because
ASP.NET 4.5 requires that '.NET Extensibility 4.5' and 'ISAPI Extensions' are installed. Add both features to continue.
4. Expand 'Security' and select the following options: Basic Authentication, URL Authorization and Windows Authentication.
5. Click on 'Next' and check if ASP.NET 4.5 is checked.
6. Click on 'Next' and followed by a click on 'Install'.
7. On Windows 2008 it might be necessary to run the command "aspnet_regiis -i" in order to enable .NET4.5 functionality. This command should be run as Administrator. Open the command prompt as Admin and execute the following command: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis -i".
After installing both the SSRPM COM Object and the SSRPM Web Interface, IIS can now be configured to run the SSRPM Web Interface. This chapter describes in detail how to configure IIS to run the SSRPM Web Interface. There are multiple ways to set it up. In this example we setup two different web sites. Another option would be to setup a single web interface with two separate applications with different authentication methods. Note: By default the web interface is configured for HTTP and is not as secure as it should be. It is recommended to use HTTPS and to edit the web.config file and to add the highlighted attributes:
<httpCookies httpOnlyCookies="true" requireSSL="true" />
<forms loginUrl="~/Home/Index" defaultUrl="~/Home/Index" timeout="60" name=".SSRPMFORMSAUTH" domain="*" slidingExpiration="false" requireSSL="true"/>
It is also advisable to set the option "EnableHttpsRedirect" to true.
1. Copy the web interface files and folder to the appropriate directory, preferably something like: "C:\inetpub\wwwroot\SSRPM_FormsAuth". By default the source files of the web interface can be found in "C:\Program Files (x86)\Tools4ever\SSRPM\Admin Console\Examples\Client Web Interface".
2. Open the 'Internet Information Services (IIS) Manager.
3. Right click on the server name and click on 'Add Website'. And enter the specified information. It is advisable to use https and even mandatory if you want to use the web interface for the SSRPM desktop clients. If you already have a certificate please select 'https' and the correct certificate. If not, please change this to https after installing the certificate.
4. Select the new website and open the 'Authentication' dialog.
5. Make sure 'Forms Authentication' is enabled and 'Windows Authentication' is disabled.
6. Make sure the application pool used by the SSPRM web site is using .NET v4.
7. The IIS user needs to have access to the COM object DLL files. The quickest solution is to copy the COM object folder from "C:\Program Files (x86)\Tools4ever\SSRPM\" to "C:\inetpub\wwwroot\" and register the COM object from that location.
8. It is recommended to enable "Require SSL" in the SSL Settings.
9. The web interface with 'Forms Authentication' should now be running.