Setting up Delegation in a Domain Controlled Environment – XpressDox

Setting up Delegation is necessary in a Windows Authentication environment, when the File server is not the Application server.

In IIS:

  • Enable Windows Authentication and Impersonation

 

 

 

  • In the Configuration Editor, take note of the following settings:

 

 

  • In the site’s Application Pool, go to Advanced Settings and set the Identity to ApplicationPoolIdentity.

 

 

 

In SharedSettings:

  • In the SharedSettings file, located in the WinAuth install folder, add the UNC path to the available locations

 

 

 

Access rights:

  • Grant users or user groups in the Active Directory access levels; either full access rights or read only. This should be done on the File Server where the UNC share was created.

 

 

 

On the Domain Controller:

  • Set the correct delegation setting for the IIS server on which XpressDox is run

 

 

Testing Kerberos Authentication:

  • Open your XpressDox URL as below, and check for the following two properties:
  • <yourXpressDoxURL>\authtestpage

 

Configure the list of servers that Microsoft Edge / Chrome can delegate to.

For Chrome, follow these instructions

And for Edge, follow these instructions