HowTo: Requiring login in GeneXus Server

Unofficial Content

GeneXus Server (GXserver) is installed with the security setting turn off by default. If you want to enable security just click the "Require Login: Yes" — or  "Secure Instance" if working with Xev2 Upgrade # 2 or prior versions — checkbox in the Setup wizard.

Installing an instance of GeneXus Server to require login

After the setup ends, if the "Require Login: Yes" — or  "Secure Instance" if working with Xev2 Upgrade # 2 or prior versions — was checked during the Setup process, the server will ask you for credential when connecting to it.

GXserverSetupSecurityPageEnabledEv3

See GeneXus Server Installation Process for further details about the installation process.

To use security you need to enable https in your web server by installing an SSL certificate. This configuration must be performed after the installation process has ended.
You can check the necessary steps and files for a test environment in article here. It is highly recommended that you contact your system administrator for setting https in a production environment.

You can test if this change works correctly by accessing the server url with https instead of http in your browser.

Notes:

  • If your server already works with https you don’t need additional changes in your settings.
  • Even when a secure GXserver is available, http would still have to be used instead of https, as would be expected. So, in a locally installed GXserver, the URL to the main page would be http://localhost/GeneXusServer/main.aspx.
    This is because the HTTP — port 80 — service is used to check the availability. But internaly GeneXus uses WCF with HTTPS.

How to enable login to an instance installed already configured to not requiring login

If GXserver is already installed and you want to require login, instead of "anonymous" access,  you must:

  • Back up each one of the  web.config files located under {GXserverInstallDir}\vdir.
     
  • Rename the "web.config" file (located under {GXserverInstallDir}\vdir) as web.base.config
     
  • Rename "web.secure.config" file (located under {GXserverInstallDir}\vdir) as "web.config"
     
  • Open 'Internet Information Service Manager' and select the GXserver application.
     
  • Open "Handler Mappings" and check if "svc-ISAPI-2.0" is listed, if not add it.
     
  • Then right-click "svc-ISAPI-2.0" and select option "Revert to parent".
     
  • Finally restart GXserver application pool or IIS. 

Note: If any change was made to the web.config remember to update the newly renamed one.

If the SSL certificate is not installed the following error is displayed:

Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'LocalMachine', FindType 'FindBySubjectName', FindValue 'localhost'.

See HowTo: Setting up an SSL Certificate in IIS for GeneXus Server in order to configure the SSL certificate.

Once Authentication is enabled

By default there are two types of authentication methods available: Local and GXtechnical.

The default local user is admin with password admin123.

Server Authentication

In the Security tab of the GeneXus Server you can change this user and add new users as needed and also set Roles and Permissions.

GXserver Security tab

With the GXtechnical authentication you can login in into the server with any valid GXtechnical user.

You can configure to use just one of the Authentication Methods in the Security/Advanced tab in the GXserver's UI. Search for "Advanced tab" in GeneXus Server Security Section (X Evolution 3) for details on how to enable/disable authentication methods.

Note: If the following exception is thrown on the browser

Unable to use SQL Server because ASP.NET version 2.0 Session State is not installed on the SQL server. Please install ASP.NET Session State SQL Server version 2.0 or above.

Comment the session state in the web.config file.