
Active Roles 7.4.3 - Web Interface Administration Guide


Customizing the Home page

The Home page of the Web Interface site includes a number of items that serve as entry points to individual sections of the Web Interface. Each item occupies a clickable area on the Home page, and includes the caption (name of the item), text describing the item and a picture providing a graphical illustration of the item. Clicking an item displays a page that is identified by a certain property of the item (this property is referred to as “URL to open”).

You can add, modify, re-arrange, and remove items on the Home page. A point-and-click interface helps you manage the items, providing flexible options to customize the Home page.

The changes you make to the Home page affect every user of the Web Interface site. For example, when you remove an item from the Home page, the item is not displayed to any user of the Web Interface site.

To customize the Home page

  1. On the Home page of the Web Interface site, click Customization.
  2. Click Customization Tasks; then, click Customize Home Page in the right pane.
  3. In the list of items, click to select the item you want to change, and then use command buttons to make changes.

The following table provides an overview of the changes you can make.

Table 2: Home page customization tasks

| To | Do this |
|---|---|
| Add an item to the Home page. | Click Add. Type a name for the new item and the URL of the page you want the new item to open. Optionally, type any text to display in the item area, and change the picture for the item. Then, click OK. |
| Change the position of an item on the Home page. | Select the item and click the Up or Down arrow button. |
| Change the name or description text of an item. | Select the item and click Properties. Then, type the name or description text you want, and click OK. |
| Change the picture to be displayed in the item area. | Select the item and click Properties. Under the Picture to display label, click Change. Type the path and name of the picture file, or click Browse to select and open the picture file. Then, click OK. |
| Hide an item so that it does not appear on the Web Interface pages. | Select the item and click Hide. (To display an item that is hidden, select the item and click Unhide.) |

By adding a home page item, you can customize the Web Interface to integrate custom applications together with the Web Interface pages. The Advanced properties section in the dialog box for managing a home page item provides the Open the URL in a frame option for this purpose. This option can be used, for instance, to integrate the Quest Password Manager application into the Web Interface.

With the Open the URL in a frame option, a home page item can be configured to open a Web application so that the application’s pages are embedded in a standard Web Interface page. When this option is selected, the page identified by the URL to open property of the home page item is embedded in a Web Interface page instead of being displayed in place of the Web Interface page in the Web browser window.

The Advanced properties section also provides the ability to configure a home page item so that a number of optional parameters are automatically appended to the query string of the URL when the user clicks the item. This enables the Web Interface to pass certain data to the Web application associated with the home page item. You can modify parameter names. The parameter values are generated by the Web Interface when the user clicks the home page item. The following table summarizes the available parameters.

 

Table 3: Query string parameters

| Parameter name | Parameter value |
|---|---|
| DN | Distinguished Name (DN) of the user account of the Web Interface user. Example: DN=CN%3dAaron%20Beh%20Santos%2cOU%3dEmployees%2cDC%3dDomain%2cDC%3dCompany%2cDC%3dCom |
| IdentificationDomain | DNS name of the Active Directory domain that holds the user account of the Web Interface user. Example: IdentificationDomain=domain.company.com |
| IdentificationAccount | Pre-Windows 2000 name (sAMAccountName) of the user account of the Web Interface user. Example: IdentificationAccount=ASantos |
| LCID | Hex code of the locale identifier specific to the Web Interface language selected by the Web Interface user. Example: LCID=409 |
| IsDsAdmin | “True” or “False” depending on whether or not the Web Interface user is assigned to the Active Roles Admin role and thus has administrative rights on Active Roles. Example: IsDsAdmin=False |
| CurrentLanguage | Locale name specific to the Web Interface language selected by the Web Interface user. Example: CurrentLanguage=en-US |
| PortalHomePage | URL of the Home page of the Web Interface site you are customizing. Example: PortalHomePage=http://Server/ARServerSelfService |
| TaskID | The identifier of the Web Interface command used to open the URL. Example: TaskID=d8371ae8-1215-40ac-b0c4-391c3225a426 |
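How a Web application opened from a home page item might read the parameters in Table 3, shown as an added example that is not part of the Active Roles documentation or product code. The host name, the function parse_portal_context and the ALLOWED_PORTALS list are assumptions, and the default parameter names are assumed to be unchanged.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample request URL: host and path are placeholders, the
# parameter names and example values are the ones listed in Table 3.
SAMPLE_URL = (
    "https://app.example.test/start?"
    "DN=CN%3dAaron%20Beh%20Santos%2cOU%3dEmployees%2cDC%3dDomain%2cDC%3dCompany%2cDC%3dCom"
    "&IdentificationDomain=domain.company.com&IdentificationAccount=ASantos"
    "&LCID=409&IsDsAdmin=False&CurrentLanguage=en-US"
    "&PortalHomePage=http://Server/ARServerSelfService"
    "&TaskID=d8371ae8-1215-40ac-b0c4-391c3225a426"
)

# Assumption: the receiving application knows which portal URLs it expects.
ALLOWED_PORTALS = {"http://server/arserverselfservice"}


def parse_portal_context(url, allowed_portals=ALLOWED_PORTALS):
    """Decode the Table 3 parameters into typed values.

    Everything here arrives in the query string, so the browser user can
    edit it: treat the result as display context, never as proof of
    identity or of administrative rights.
    """
    raw = parse_qs(urlsplit(url).query, keep_blank_values=True)
    # Reject duplicated parameters instead of silently picking one value.
    dupes = sorted(k for k, v in raw.items() if len(v) > 1)
    if dupes:
        raise ValueError(f"duplicated parameters: {dupes}")
    q = {k: v[0] for k, v in raw.items()}

    flag = q.get("IsDsAdmin", "False")
    if flag not in ("True", "False"):
        raise ValueError("IsDsAdmin must be True or False")
    portal = q.get("PortalHomePage", "")
    return {
        "dn": q.get("DN", ""),                      # percent-decoding done by parse_qs
        "domain": q.get("IdentificationDomain", ""),
        "account": q.get("IdentificationAccount", ""),
        "lcid": int(q.get("LCID", "0"), 16),        # hex code per Table 3
        "language": q.get("CurrentLanguage", ""),
        "admin_hint": flag == "True",               # UI hint only, not authorization
        # Offer a "back to portal" link only for an expected portal URL.
        "portal": portal if portal.lower().rstrip("/") in allowed_portals else None,
        "task_id": q.get("TaskID", ""),
    }
```

An application that needs to know who the user is or whether the user is an Active Roles Admin should establish that through its own authentication and authorization checks, and use these values only to pre-fill or localize its pages.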

 

Configuring Web interface for enhanced security

 

By default, Web Interface users connect to the Web Interface using an HTTP transport, which does not encrypt the data transferred from a Web browser to the Web Interface. To encrypt the data transferred to the Web Interface, it is recommended to use an HTTPS transport.

The secure hypertext transfer protocol (HTTPS) uses Secure Sockets Layer (SSL) provided by the Web server for data encryption. For instructions on how to enable SSL on your Web server, see https://support.microsoft.com/en-in/help/324069/how-to-set-up-an-https-service-in-iis.

Any Web interface is prone to security issues such as Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) attacks. To protect against such attacks, Active Roles can now be configured to enable CSRF and XSS protection for the Web Interface.

Cross-Site Request Forgery (CSRF) attacks can force users to execute unwanted actions on the Active Roles web application in which they are currently authenticated. To prevent CSRF requests, Active Roles must be configured to use anti-forgery protection.

Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. Hence, any script that is sent to Active Roles must be validated for malicious content before the script is accepted and executed. To perform this script validation, XSS validation must be enabled for Active Roles.

 

To configure keys in the Web interface

  1. From Windows Run, open IIS and expand Default Website.
  2. Click the Active Roles application.

    NOTE: ARWebAdmin is the default Active Roles application.
  3. In the right pane, in the Configuration Editor, from the Section drop-down menu, select <Settings>.
  4. Click the button corresponding to (Count=*), and then click Add in the right pane.
  5. Enter the following values:
    1. Key: "<keyname>"
    2. Value: "<value>"
  6. Close the window and click Apply under the Actions menu in the right pane.
  7. Restart the App pool.

Enabling CSRF

By default, the current Active Roles Web Interface uses anti-forgery protection to prevent Cross-Site Request Forgery (CSRF) requests.

To modify the CSRF settings, add the following keys to the <appSettings> section of web.config:

  • <add key="EnableAntiForgery" value="true"/> <!-- Key to enable or disable anti-forgery protection; values: true or false -->
  • <add key="IgnoreValidation" value="choosecolumns,savetofile,customizeform,default,2fauth,formmap"/>

Working with Cross-Site Scripting validation for Web interface

By default, the current Active Roles Web Interface performs cross-site scripting validation. The Cross-Site Scripting (XSS) option allows Active Roles to determine whether a request contains potentially dangerous content.

To modify the XSS settings, add the following settings to web.config:

  1. In the <appSettings> section, add the following keys:

    • <add key="EnableRequestValidation" value="true"/>

    • <add key="IgnoreForValidation" value="hiddenxml,homepagestruct,txtconditionsforoperationsinreadableform"/>

      For environments that have Lync Server or Skype for Business Server, add the following to the existing value of the IgnoreForValidation key:

      dialplanpolicytextbox,voicepolicytextbox,edsva-lync-conferencingpolicy,edsva-lync-clientversionpolicy,edsva-lync-pinpolicy,edsva-lync-externalaccesspolicy,edsva-lync-archivingpolicy,edsva-lync-locationpolicy,edsva-lync-mobilitypolicy,edsva-lync-persistentchatpolicy,edsva-lync-clientpolicy

  2. In the <system.web> section, set the following attributes:

    • In <httpRuntime />, set requestValidationType="ActiveRoles.Web.Application.CustomValidation.CustomRequestValidation".

      NOTE: requestValidationMode should be set to 4.0.

    • In <pages />, set validateRequest="true".
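
A check of a web.config file against the CSRF and request validation settings listed in this section, shown as an added example that is not part of the Active Roles product or documentation. The function audit_web_config and the sample file are constructed for illustration, and the check assumes that a key or attribute that is absent should be reported for review.

```python
import xml.etree.ElementTree as ET

# Values shown in this guide, used as the baseline for the two ignore lists.
DOC_IGNORE = {
    "IgnoreValidation": "choosecolumns,savetofile,customizeform,default,2fauth,formmap",
    "IgnoreForValidation": "hiddenxml,homepagestruct,txtconditionsforoperationsinreadableform",
}
VALIDATOR = "ActiveRoles.Web.Application.CustomValidation.CustomRequestValidation"

# Constructed sample web.config with two deviations, for demonstration only.
SAMPLE = """<configuration>
  <appSettings>
    <add key="EnableAntiForgery" value="false"/>
    <add key="IgnoreValidation" value="choosecolumns,savetofile,customizeform,default,2fauth,formmap"/>
    <add key="EnableRequestValidation" value="true"/>
    <add key="IgnoreForValidation" value="hiddenxml,homepagestruct,txtconditionsforoperationsinreadableform,notes"/>
  </appSettings>
  <system.web>
    <httpRuntime requestValidationMode="4.0" requestValidationType="%s"/>
    <pages validateRequest="true"/>
  </system.web>
</configuration>""" % VALIDATOR

def audit_web_config(xml_text):
    """Return a list of findings; an empty list means the file matches the guide."""
    root = ET.fromstring(xml_text)
    settings = {a.get("key"): (a.get("value") or "") for a in root.iterfind("appSettings/add")}
    runtime = root.find("system.web/httpRuntime")
    pages = root.find("system.web/pages")
    runtime = {} if runtime is None else runtime.attrib
    pages = {} if pages is None else pages.attrib
    findings = []

    def expect(label, actual, wanted):
        # Case-insensitive comparison; a missing setting shows up as None.
        if (actual or "").strip().lower() != wanted.lower():
            findings.append(f"{label}: expected {wanted!r}, found {actual!r}")

    expect("appSettings EnableAntiForgery", settings.get("EnableAntiForgery"), "true")
    expect("appSettings EnableRequestValidation", settings.get("EnableRequestValidation"), "true")
    expect("httpRuntime requestValidationType", runtime.get("requestValidationType"), VALIDATOR)
    expect("httpRuntime requestValidationMode", runtime.get("requestValidationMode"), "4.0")
    expect("pages validateRequest", pages.get("validateRequest"), "true")
    # List ignore-list entries that are not in the values this guide shows.
    for key, documented in DOC_IGNORE.items():
        extra = set(filter(None, settings.get(key, "").lower().split(","))) - set(documented.split(","))
        if extra:
            findings.append(f"appSettings {key}: entries not in the guide: {sorted(extra)}")
    return findings
```

In Lync Server or Skype for Business Server environments, the additional IgnoreForValidation entries listed above are reported as well and are expected there.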