Kourier Integrator Online Help
The Kourier website can be secured from unauthorized access by implementing standard .net security features associated with any Microsoft Internet Information Services (IIS) application. This topic discusses the configuration changes you must make to enable these features.
The example below is based upon Windows Server 2008 R2 and Microsoft Internet Information Services version 7.5 where we will limit access to the Kourier website to those users that are part of a domain Windows group named "koretech\kourier_users" and a domain user named “koretech\kourier”.
Open the IIS Administration application and in the Sites node, double-click the Kourier website. You should see a display similar to this:
Double-click the Authentication icon and you will see the Authentication groups window.
Right-click on the Windows Authentication name and select Enable from the popup menu. Then right-click on Anonymous Authentication and select Disabled from the popup window. Finally, right-click on Forms Authentication and select Disabled from the popup window (as shown below):
Then right-click on Windows Authentication again and select Providers... from the popup menu.
In the Providers window, highlight NTLM and use the Move Up button to move it to the top of the list as shown below. Click OK to save your changes.
Click on the web site and double-click the .net Authorization Rules icon (order is important as this is a filter).
Add Allow rules for Specified roles (Active Directory groups) – i.e. domain\kourier_users --OK
Add Allow rules for Specified users – i.e. domain\kourier, domain\user1 --OK
Expand the Kourier site and highlight the Services folder.
Double-click the Authentication icon.
This step is only required if you are using Kourier REST and want to test using the Kourier UI website.
Expand the Kourier site and highlight api.
Double-click the Authentication icon.
• Disable Windows Authentication
• Enable Anonymous Authentication