Setting up Delegation is necessary in a Windows Authentication environment, when the File server is not the Application server.
In IIS:
- Enable Windows Authentication and Impersonation
- In the Configuration Editor, take note of the following settings:
- In the site’s Application Pool, go to Advanced Settings and set the Identity to ApplicationPoolIdentity.
In SharedSettings:
- In the SharedSettings file, located in the WinAuth install folder, add the UNC path to the available locations
Access rights:
- Grant users or user groups in the Active Directory access levels; either full access rights or read only. This should be done on the File Server where the UNC share was created.
On the Domain Controller:
- Set the correct delegation setting for the IIS server on which XpressDox is run
Testing Kerberos Authentication:
- Open your XpressDox URL as below, and check for the following two properties:
- <yourXpressDoxURL>\authtestpage
Configure the list of servers that Microsoft Edge / Chrome can delegate to.
For Chrome, follow these instructions
And for Edge, follow these instructions