Skip to the content Back to Top

While there is an ongoing move towards open access content, open data and open source applications, some of our clients do manage subscription-based resources. In some cases a subset of their information resources are available to the public, while more detailed information requires a paid membership. In other cases, all access requires some sort of login.

For these clients, and for anyone wanting to manage access to web-based information resources, we offer the Andornot Authentication Manager.

This web application allows you to limit access to your website content and search applications based on:

  • usernames and passwords;
  • IP addresses (single or ranges); and
  • referring URLs (i.e. incoming links from an intranet or subscriber-only site).

The Authentication Manager controls what a user can see or access based on their role. For example, the general public may have search-only access to brief records, whereas a logged in user can view a full record, access full text or original digitized content, submit requests or orders, etc. This flexibility is perfect for subscription-based sites and services.

The Authentication Manager is designed to work specifically with the Andornot Discovery Interface and Andornot Starter Kit for Inmagic WebPublisher PRO, but can be adapted to other web applications. 

Other features include:

  • account and group profile management;
  • detailed reporting of site access, by account and time period; and
  • subscription and account expiration management.

The Authentication Manager is a .net web application, so designed for Windows Servers and web applications that run on them. The interface is accessible from both desktop and mobile browsers.

Contact us to learn more about the Andornot Authentication Manager.

Symptom

IE8 refuses to authenticate on a local website (website and browser are on the same machine) even when valid credentials are supplied, when the website is reached using a host header bound to the machine's loopback address. After a few attempts, the website reports an HTTP 401.1 Access Denied error. A different browser may authenticate successfully. Browsing the website with IE8 from an external client computer authenticates as expected.

Cure

A Windows security update is responsible for a loopback check security feature that is meant to prevent reflection attacks. Authentication fails if the host header does not match the local computer name. Disable the loopback check in the registry:

  1. Run regedit.
  2. Find HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa.
  3. Add a new DWORD value called DisableLoopbackCheck.
  4. Modify the new value data to 1.
  5. Reboot.

Related

Let Us Help You!

We're Librarians - We Love to Help People