User authentication setup

The Axiell WebAPI offers two (previously three) different methods to validate and retrieve user credentials through the login command:

  • Based on an Axiell Collections database
  • Based on Active Directory
  • Based on a SQL Server membership database (database aspnetdb), only valid from WebAPI version 3.6.272.0 up to 3.6.1224.

From Axiell WebAPI version 3.6.272.0 up to 3.6.1224, user authentication had to be set up in the web.config file for the wwwopac.ashx, and the authentication details were stored per user in an Axiell Collections database, in Active Directory or in a SQL Server membership database; see paragraphs 2.1 up to and including 2.3 below for more information.
From wwwopac.ashx 3.6.1225, however, user authentication must be set up in the adlibweb.xml file (again) instead of in web.config, and the authentication details are stored per user in an Axiell Collections database, in Active Directory, or in both. For each user authentication source (Active Directory or an Axiell Collections database like Borrower or DBuser; see paragraph 2.1 for information about DBuser), you can specify an authentication configuration section in adlibweb.xml that maps source fields to Axiell AdlibXML tags. For Active Directory authentication, use the .NET UserPrincipal property names of a user as the source field names. In the login reply, the wwwopac.ashx automatically returns the Active Directory groups/roles to which the user has been assigned.
In the (partially optional) mapping for an Axiell Collections database, you can include fields from the user details records other than the user name and password fields: they are not required for authentication, but are available for anything else you might want to do with that data. Always map the borrower_number field here if you have an Axiell Internet Server web application and you want visitors (borrowers) to be able to make reservations via your website.
The <defaultGroups> section assigns one or more default group names (roles) to every logged-in user. These are returned in the login reply, together with the groups retrieved from the other authentication sources. If you have an Axiell Internet Server web application, these default group names can be used to selectively enable website functionality for all logged-in visitors (via the <authorization> section in globalsettings.xml). You cannot leave the <defaultGroups> section out: at least one (empty or filled) <group> node must be present. The default group names can be any names you find descriptive.
If you specify more than one authentication configuration section, then on login they are read consecutively from top to bottom to collect all user authentication details from all these sources (when applicable) and deliver them to the client in a single record in Axiell AdlibXML format. If the client is an Axiell Internet Server web application, these details can be used for accessing different user-authenticated services like making reservations or adding comments and tags to detail catalogue records. See paragraphs 1.1 and 1.2 below for configuration examples.
Although there are two (or three) types of user authentication, login always has to be explicit. The format of the login request is the same for all methods.
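The <defaultGroups> rule above can be checked before a changed adlibweb.xml is deployed. The script below is an added example, not part of the Axiell documentation or product: it verifies that the section exists with at least one <group> node and lists the roles that every logged-in user would receive. The root element <sampleRoot>, the group names and the function names are constructed for illustration; only <defaultGroups> and <group> come from this text.

```python
import xml.etree.ElementTree as ET


def local_name(element):
    """Tag name without any XML namespace prefix."""
    return element.tag.rsplit("}", 1)[-1]


def check_default_groups(xml_text):
    """Return (ok, group_names, problems) for the <defaultGroups> rule."""
    names, problems = [], []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return False, names, [f"not well-formed XML: {exc}"]
    # Assumption: search at any depth, because the position of the section
    # inside adlibweb.xml is not shown in this text.
    sections = [el for el in root.iter() if local_name(el) == "defaultGroups"]
    if not sections:
        problems.append("no <defaultGroups> section")
    for section in sections:
        groups = [child for child in section if local_name(child) == "group"]
        if not groups:
            problems.append("<defaultGroups> without a <group> node")
        # Empty <group/> nodes are allowed; only filled ones become roles.
        names += [g.text.strip() for g in groups if g.text and g.text.strip()]
    return not problems, names, problems


# Constructed samples; <sampleRoot> is a placeholder, not the real root element.
SAMPLES = {
    "filled": "<sampleRoot><defaultGroups><group>member</group>"
              "<group>tagger</group></defaultGroups></sampleRoot>",
    "empty group": "<sampleRoot><defaultGroups><group/></defaultGroups></sampleRoot>",
    "no group": "<sampleRoot><defaultGroups/></sampleRoot>",
    "no section": "<sampleRoot/>",
}

if __name__ == "__main__":
    for label, xml_text in SAMPLES.items():
        ok, names, problems = check_default_groups(xml_text)
        print(f"{label}: ok={ok} granted_to_every_login={names} {problems}")
```

Compare the returned group names with the <authorization> section in globalsettings.xml: every name listed there that is also a default group is enabled for all logged-in visitors.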

 

------------- Obsolete web.config configuration -------------