Quick Start (First Installation for New User)

1. Download and Unzip the latest DAF Package
2. Run SETUP.EXE. Follow instructions and accept default settings. If the setup program did not report any errors, all DAF components should now be installed and running.
3. Prepare a User Database
4. Create a System DSN ODBC Source (ODBC User Database only)
5. Configure DAF to use your DAF User Database
6. Start the DAF User Database
7. Test your DAF Configuration
8. Setup the Web User Manager
9. How to use Logs options

3. Prepare a User Database

DAF can handle TEXT file or ODBC source as a User Database. For a Quick Start two sample User Databases are available in directory "<DAF directory>\quickstart\userdb":

• USERDB.TXT is a sample TEXT DAF User Database
• USERDB.MDB is a sample MS Access DAF User Database. MS Access ODBC drivers MUST be installed on the server.

Both files contain the same four users: 

 File USERDB.TXT:

File USERDB.MDB (MS Access 97):

Data in table UserDB:

Structure of Table UserDB:

If you would rather create your own DAF User Database, please refer to Creating a User Database with an ODBC Source or Text file

4. Create a System DSN ODBC Source (ODBC User Database only)

To use the sample MS Access User Database it is necessary to create a new ODBC data source name attached to the sample MS Access File.

• Run 32bit ODBC in the Control Panel
• Select <System DSN> and NOT User DSN
• Press <Add>
• Select "Microsoft Access Driver (*.mdb)"
• Press <Finish>

ODBC setup dialog box with an MS Access file:

• Enter a name in field "Data Source Name." For this sample enter "dafuserdb"
• Press <Select>
• Select file "<DAF Directory>\quickstart\userdb\userdb.mdb"
• Press <OK>
• Close the ODBC Manager

5. Configure DAF to use your DAF User Database

Launch the DAF Configuration Tool:

• <Start Button/Programs/Dynamic Authentication Filter/DAF Configuration Tool>
• Or, on the Desktop Task bar click on the DAF Icon  and choose "DAF Configuration Tool"
• Or,  run CONFIG.EXE in directory "<DAF Directory>\bin".

The next step consists of creating a DAF User Database which is an internal object built around the "real" User Database:

• Press <Add User DB>
• In field "New User Database Name," enter "userdb1"
• Press <Create>
• Press <Close>

Attach the DAF User Database to an IP address

It is now necessary to specify for which Web Host the DAF User Database should handle authentication. In other words, for which incoming HTTP requests DAF should handle authentication. This specification is done by attaching a combination of an IP address a Port  Number and Host Header Name to a DAF User Database. For this sample the DAF User Database will be attached to an IP address.

• Select an IP Address in window "IP & Web Hosts attached"
• Press <Attach>

In the screen example, IP address 192.168.1.100 has been attached to DAF User Database "userdb1." This means that DAF will handle authentication for all incoming HTTP requests starting with 'http://192.168.1.100/..." (or corresponding web domain name.)

A DAF User Database can also be attached to any combination of a IP address, a Port  number, and Host Header Name. For more information refer to section Web Hosts Configuration

---------  Important! ------------------------------------

IIS Authentication Scheme Configuration requirement

DAF does not support "Windows NT Challenge/Response" Authentication scheme. A Web Site attached to a DAF User Database MUST have the following IIS authentication settings. If this is not the case DAF will not handle web authentication correctly:

• "Basic Authentication" scheme MUST be ENABLED
• "Windows NT Challenge/response" scheme MUST be DISABLED.
• "Allow Anonymous Access" should be ENABLED. If needed, anonymous access should be denied using only NT or DAF permissions.

For instructions, refer to section IIS Authentication Scheme Configuration.

Error: Connection with the DAF Engine refused

The DAF Configuration Tool will communicate with the DAF Engine using a TCP/IP connection (for more information, click here). This error message will be reported when the connection is refused. It can happen in three cases:

 

• DAF Filter is NOT loaded
• Connection with the IP Address and Port Number is refused by the server for security reasons
• There is an IP Address/Port Number conflict with another application.

-----------------------------------------------------------------

To use the TEXT file as a User Database:

• Check <Text File>
• Press <Browse> and select file <DAF Directory>\quickstart\userdb\userdb.txt

To use the ODBC source as a User Database follow steps 1 through 5 below:

Step 1. Attach the ODBC Source (ODBC Source only!)

• Press button <userdb1>
• Select Tab <Database Type & Web Hosts>
• Check <ODBC Data Source>
• Select Tab <ODBC Settings>

• With List Box "System Data Source," select "dafuserdb"
• Press <Test connection> to verify that the ODBC source is usable. No error should be reported.

Step 2. Define the Update mode (ODBC Source only!)

• Select Tab <Update Mode>
• Check <Real-time>

Step 3. Define the column names (ODBC Source only!)

This step consists of defining which table and which columns should be used by DAF to retrieve all account information.

• Select Tab <Web Hosts & Tables & Fields>

• Select "userdb" in window "Table attached to DAF"
• Press <Attach>
• Enter all column names:
• 
  - "dafuser" in field "DAF User col."
  - "dafpass" in field "DAF Password col."
  - "dafgroups" in field "DAF Groups col."

Step 4. Check all ODBC Settings (ODBC Source only!)

• Press <Try to read ODBC source>. No error should be reported.

Step 5. Attach an IP address to the Table  (ODBC Source only!)

With an ODBC source, it is possible to attach different tables to different IP addresses. Therefore, it is necessary to define which IP address should be attached to table "userdb."

• Select an IP address in window "Attached IP & Web Hosts"
• Press <Attach>

Addresses listed in window "Attached IP & Web Hosts" are addresses defined in Tab "Database & Web Hosts."

6. Start the DAF User Database

• Press button <userdb1>
• Select Tab <Database Type & Web Hosts>
• Press <Start> to start the DAF User Database. The DAF User Database state should change to "Running" and a green up arrow should replace the red down arrow.

At this point the basic DAF configuration is complete.

7. Test your DAF Configuration

Two sample directories are installed with the DAF Package:

• A Public directory: "<DAF Directory>/quickstart/www/public"
• A members only directory: "<DAF Directory>/quickstart/www/private"

---------  Important! ------------------------------------

DAF will never override NT permissions. If DAF grants access to a resource protected by NT permission (for the current NT user) access will be denied to the web client.

Therefore, you need to make sure that the default IIS NT User (IUSR_XXXXX) has read access to directories "<DAF Directory>/quickstart/www/public" and"<DAF Directory>/quickstart/www/private." An easy solution is to set NT permission EVERYONE|READ for these resources.

-------------------------------------------------------------------

In the members only directory are located five files with the following permissions:

• "default.htm" is accessible to any user (not protected)
• "allauth.htm" is accessible to any authenticated users
• "grpall.htm" is accessible to members of DAF groups "grp1", "grp2" and "grp3"
• "grp1.htm" is accessible to members of DAF groups "grp1" only
• "grp2.htm" is accessible to members of DAF groups "grp2" only

With the test user database, access rights to resources are: 

 To test your DAF configuration:

• Map URL "/quickstart" to directory "<DAF Directory>/quickstart/www." Make sure that this new URL is usable with the IP address attached to the DAF User Database.
• Set NT Permission [EVERYONE | READ] for all files and sub-directory under directory "<DAF Directory>/quickstart/www."
• Open your browser and under URL  "http://192.168.1.100/quickstart" try to open directory "public" and each file under directory "private." While accessing protected files you should be prompted for a password until you enter a valid login for the requested resource.

In sample directory "<DAF Directory>/quickstart/www/private" access permissions are defined with a text file named DAFAUTH.INI. This file is used to define, using a simple syntax, all permission attached to all files located in the same directory.

File DAFAUTH.INI used to define permission for "<DAF Directory>/quickstart/www/private":

For more information on how to protect files and directories, refer to section Managing Resource Access Permissions.

8. Setup the Web User Manager

The Web User Manager is a Web application designed to manage a DAF User Database. The DAF setup program installs by default this application. However, to use it, it is necessary to map a URL to its home page:

• Map URL "dbuserman" to directory "<DAF Directory>\asp\db_usermanager." Allow Execute Access. Make sure that this new URL is usable with the IP address attached to the DAF User Database.
• To launch the application with a browser load "http://192.168.100/dbuserman"

9. How to use Logs options

DAF offers powerful log features which should be helpful to solve potential problems. Logs can be viewed in real-time with the DAF Configuration Tool:

• Launch the DAF Configuration Tool from <Start Button/Programs/Dynamic Authentication Filter/DAF Configuration Tool> or run CONFIG.EXE in directory "<DAF Directory>\bin".
• Select "userdb1"
• Select Tab "Logs"
• Check:
• 
  - Log on DAF User Logged (login only)
  - Log on DAF User NOT logged (login only)
  - Log on IIS "Access Denied" (login only)
  - Log on received HTTP requests
• Select Tab <Database & Web Hosts>
• Press <Stop> and <Start> to restart the DAF User Database
• Press <Live Log>

At this point, information on all incoming HTTP requests should be displayed live in the window.

For example, to verify to which DAF User database is attached an incoming HTTP request:

• Select <Main Log> in the Live Log Window
• With your browser, load "http://192.168.1.100/quickstart." The following message should be reported:

HTTP Request for <192.168.1.100>,<80>,<192.168.1.100> from <192.168.1.55>,
<Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)> - Attached to <userdb1>

A request for an IP address not attached to a DAF User Database would be reported as:

HTTP Request for <192.168.1.101>,<80>,<192.168.1.101> from <192.168.1.101>,
<Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)> - NOT Attached

To get information on an incoming request attached to DAF User Database "userdb1":

• Select <userdb1> in the Live Log Window
• With your browser, load "http://192.168.1.100/quickstart/private/grp2.htm." The following message should be reported:

192.168.1.100,80,:(FA100)(DAFAUTH.INI PERMISSION) Access Denied for user <>,<> 
to </quickstart/private/grp2.htm>

• Enter login "joe" and password "square." Access should be granted and the following message reported:

192.168.1.100,80,:(AA100)(DAF LOGON SUCC.) User Found : joe#grp2;grp3@ (-> ) in DAF db

• When the User is valid, but not allowed to access the resource the message reported would be:

192.168.1.100,80,:(AA100)(DAF LOGON SUCC.) User Found : joe#grp2;grp3@ (-> ) in DAF db
192.168.1.100,80,:(FA100)(DAFAUTH.INI PERMISSION) Access Denied for user <joe>,<> 
to </quickstart/private/grp1.htm>

Last update: Saturday, April 03, 1999 08:20