Home > Tools & Setup > Additional Technical Information > Application (Forms) Authentication

Application (Forms) Authentication

Application Authentication allows for authenticating users that are not currently in a Windows domain. The users will be set up directly on the website for Local Server Authentication, or what TMS refers to as Application Authentication.

If using Application Authentication, when a TMS administrator adds a new user that includes a user logon and e-mail, the user will receive a welcome e-mail instructing them to set up their TMS password. Their logon and a temporary password will be included in the e-mail.

A Log Out button displays on the upper right of the User Menu panel.

This feature must be set up in the webconfig file and allows a user to log out of the application. After clicking the Log Out button, the user is prompted to confirm that they want to log out of TMS.

Clicking Yes/Continue will end the TMS session and require that the user re-enters their credentials at the next logon.

With forms authentication, the TMS application prompts the user for their user credentials with a special web page. When the user clicks Logon, the credentials are verified by TMS against either the domain or the local web server.

Forms authentication is configured in TMS_Web\Webroot\web.config at lines 104-118 (for 7.3). Lines 105-109 need to be commented out and lines 111-118 need to be uncommented (see example code below).

In the AppSettings section there are a number of parameters that can to set. They are as follows:

  • FormsAuthenticationDefaultDomain specifies the default location where the user is verified.
  • AutoCreateLocalWindowsUser specifies if local Windows users are to be created if the Network Login field contains the web server name.
  • AutoCreateInitialPassword specifies the default password. Setting to blank will create random passwords.
  • MinumumPasswordLength and MaximumPasswordLength specify the minimum and maximum length when generating passwords.
NOTE: Generated passwords will be complex and will contain a combination of numbers, upper, lower, and special characters.
NOTE: In IIS, the Anonymous Authentication must be enabled and Basic and/or Windows must be disabled.
 

Two other parameters in the web.config appSettings section can also be implemented. They are used together and are as follows:

  • Setting Session_Force_TimeOut set to YES will timeout a user session
  • Session_Force_TimeOut_Minutes sets the number of minutes before the timeout occurs
NOTE: A warning message with a countdown clock will display. The user can click the message to reset the session and return to TMS.

When using Application (Forms) Authentication, there is a Forgot Password link on the Login page that the user can click at any time. An email will be sent to the user with instructions for resetting password. There is also a Reset Password tab on the User Detail page that will issue a reset requirement (TMS Permission Required). A default password will be issued to the user based on the value in the AutoCreateInitialPassword  option. If the value is blank, a random password will be issued to the user to reset their password on next login.

Web.config lines 104-118 would look like the following for Forms Authentication:

<!–

<authentication mode=”Windows” />

<authorization>

<allow users=”*” />

</authorization>

–>

<!– –>

<authentication mode=”Forms”>

<forms loginUrl=”logon.aspx” name=”.ASPXFORMSAUTH”>

</forms>

</authentication>

<authorization>

<deny users=”?” />

</authorization>

Back To Top