GeneXus Server (GXserver) is installed with the security setting turned off by default. To enable security, select the "Require Login: Yes" checkbox in the Setup wizard (it is called "Secure Instance" in Xev2 Upgrade #2 and prior versions).
If "Require Login: Yes" (or "Secure Instance" in Xev2 Upgrade #2 and prior versions) was checked during Setup, the server will ask you for credentials when you connect to it once the setup has finished.
See GeneXus Server Installation Process for further details about the installation process.
To use security, you need to enable HTTPS in your web server by installing an SSL certificate. This configuration must be performed after the installation process has ended.
You can check the necessary steps and files for a test environment in article here. It is highly recommended that you contact your system administrator to set up HTTPS in a production environment.
You can test whether this change works correctly by accessing the server URL with https instead of http in your browser.
Notes:
- If your server already works with https you don’t need additional changes in your settings.
- Even when a secure GXserver is available, the server URL still has to use http rather than https, which is not what you might expect. So, in a locally installed GXserver, the URL to the main page would be http://localhost/GeneXusServer/main.aspx.
This is because the HTTP service (port 80) is used to check availability, while internally GeneXus uses WCF with HTTPS.
If GXserver is already installed and you want to require login instead of "anonymous" access, you must:
- Back up each one of the web.config files located under {GXserverInstallDir}\vdir.
- Rename the "web.config" file (located under {GXserverInstallDir}\vdir) as "web.base.config".
- Rename the "web.secure.config" file (located under {GXserverInstallDir}\vdir) as "web.config".
- Open "Internet Information Services (IIS) Manager" and select the GXserver application.
- Open "Handler Mappings" and check whether "svc-ISAPI-2.0" is listed; if not, add it.
- Then right-click "svc-ISAPI-2.0" and select the "Revert to parent" option.
- Finally, restart the GXserver application pool or IIS.
Note: If any change was made to the original web.config, remember to apply it to the newly renamed web.config as well.
If the SSL certificate is not installed, the following error is displayed:
Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'LocalMachine', FindType 'FindBySubjectName', FindValue 'localhost'.
See HowTo: Set up an SSL Certificate in IIS for GeneXus Server in order to configure the SSL certificate.
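The file steps of the procedure above, preceded by a check for the certificate lookup named in the error message, can be scripted as follows. This is an added example, not GeneXus code; the parameter names and the backup folder are hypothetical, and it assumes the web.config to swap is the one directly under vdir.

```powershell
# Added example, not GeneXus code. Run from an elevated prompt.
# Assumption: backups are kept outside the web root, since web.config may hold secrets.
param(
    [Parameter(Mandatory)][string]$VDir,        # {GXserverInstallDir}\vdir
    [Parameter(Mandatory)][string]$BackupDir,   # hypothetical folder outside vdir
    [string]$SubjectName = 'localhost'          # FindValue shown in the error text
)
$ErrorActionPreference = 'Stop'
$VDir = (Resolve-Path $VDir).Path.TrimEnd('\')

# 1. Pre-check the certificate lookup from the error message:
#    StoreLocation LocalMachine, StoreName My, matched by subject name.
#    -like approximates FindBySubjectName (case-insensitive match on the subject).
$certs = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*$SubjectName*" })
if ($certs.Count -eq 0) {
    throw "No certificate matching '$SubjectName' in LocalMachine\My; install one before switching."
}
foreach ($c in $certs) {
    if (-not $c.HasPrivateKey)      { Write-Warning "$($c.Thumbprint): no private key" }
    if ($c.NotAfter -lt (Get-Date)) { Write-Warning "$($c.Thumbprint): expired $($c.NotAfter)" }
}

# 2. Back up every web.config under vdir, keeping the relative folder layout.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
Get-ChildItem -Path $VDir -Filter 'web.config' -Recurse -File | ForEach-Object {
    $rel  = $_.FullName.Substring($VDir.Length).TrimStart('\')
    $dest = Join-Path (Join-Path $BackupDir $stamp) $rel
    New-Item -ItemType Directory -Path (Split-Path $dest) -Force | Out-Null
    Copy-Item -Path $_.FullName -Destination $dest
}

# 3. Swap the configs, refusing to overwrite anything already in place.
$live   = Join-Path $VDir 'web.config'
$secure = Join-Path $VDir 'web.secure.config'
$base   = Join-Path $VDir 'web.base.config'
if (-not (Test-Path $live))   { throw "Missing $live" }
if (-not (Test-Path $secure)) { throw "Missing $secure" }
if (Test-Path $base)          { throw "$base already exists; the swap may already have been done." }
Rename-Item -Path $live   -NewName 'web.base.config'
Rename-Item -Path $secure -NewName 'web.config'

# 4. The handler-mapping check is done in IIS Manager; restart afterwards.
Write-Host "Configs swapped. Check 'svc-ISAPI-2.0' in Handler Mappings, then restart the application pool or IIS."
```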
By default there are two types of authentication methods available: Local and GeneXus Account.
The default local user is admin with password admin123.
In the Security tab of the GeneXus Server you can change this user and add new users as needed and also set Roles and Permissions.
With GeneXus Account authentication you can log in to the server with any valid GeneXus Account user.
You can configure the server to use just one of the authentication methods in the Security/Advanced tab of the GXserver UI. Search for "Advanced tab" in GeneXus Server Security Section for details on how to enable/disable authentication methods.
Note: If the following exception is thrown in the browser
Comment out the session state in the web.config file.