Kourier Integrator Administration - Securing the Kourier Website

---

The Kourier website can be secured from unauthorized access by implementing standard .net security features associated with any Microsoft Internet Information Services (IIS) application.  This article discussed the configuration changes you must make to enable these features.

The example below is based upon Windows Server 2008 R2 and Microsoft Internet Information Services version 7.5 where we will limit access to the Kourier website to only those users that are part of a Windows group named "kourier_user".

Step 1 -  Enable Anonymous Authentication and Windows Authentication for the Kourier website

Open the IIS Administration application and in the Sites node, double-click the Kourier website.  You should see a display similar to this:

Double-click the Authentication icon and ensure that Windows Authentication is enabled and that Annonymous Authentication is disabled:

Step 2 -  Modify the webconfig file assoicated with the Kourier GUI

 Open the web.config file using an application such as notepad.  Change the mode attribute for the element "authentication" from "none" to "Windows" to turn on Windows authentication.

Under the authorization element:

1. Add an element to deny access to anonymous users (e.g. <deny users="?" />).
2. Add an allow element to allow a list of authorized user (e.g. <allow users="koretech\markd, koretech\ericy" />).
3. Add an element to deny access to all other users (e.g. <deny users="*" />).

Save the changes.  Note: Depending upon how your website has been configured you might need to change permissions on the web.config file before you will be allowed to save these changes.

See Also

Kourier Integrator Setup and Administration Guide

Kourier TCL Commands

User Guide - Table of Contents