Mstr Web Admin Login

[teccum]

When I try to login into the Web Adminstrator through the Program files --> Microstrategy --- > Microstrategy Web Administrator. I am also able to login through the link in the Web login page where it say's "Go to the Administration Page".

It allows me to the web administration page without any authentication. I am just wondering if the users also try to enter the web admin login page then they would have access to the web administration page and then there is security issues like if someone changes the settings etc.

How do I restrict this page and how to make an authentication enable before logging into the web administration page.

Why there is no logout option?


Thanks in advance for your helps.

 

[mizh]

I assume you're using 7.5.x Web on Windows, which is a straight ASP.NET application hosted on IIS. TN5600-75x-1091 will give you the details on how to set up security (specifically, you want to change permissions on Admin.aspx.)

 

[teccum]

Hi Mizh,

Thank you. I will check on the thread you mentioned and will let you know.

thanks
teccum

 

[teccum]

Mizh,

I went through the information on the tech note but I am not able to understand why when I click on the admin.aspx page, it directly allows anyone to view the Intelligent server connection and websetting information which should normally be given to only to the administrator.

In this case, it should initially open a login and password screen or page where only the administrator of the web can be able to login in to that and then he should see the server connection information where he can add the intelligent servers. Unless he creates a user id and gives web administrator privileges other should not be able to login into the web administrator page.

Also, another issue which I face is...after logging into the web I find a message like

-----------------------------------------------------------
F:\Inetpub\intranet\v2\modules\msreports\WEB-INF\xml\sys_defaults.xml (Access is denied)

***********************

at the top of everypage in the web.

I am using Microstrategy ver 7.5.3 products and Mstr Web Universal, I.I.S ver 6.0.

Do anyone have information or idea on this. Kindly help!!

thanks
teccum

 

[MSTRPRG]

teccum,

Althought it might seem natural to protect the Admin page with login, but the reason for its absence is simple.

In order for login to work, the I-Server needed to be connected to the MD DB to authenticate the admin user privilages. Since we can not assume that I-Server is connected at all times, then you can not impose login on the Admin page.

The simple fix for this is to set exclusive permissions for Admin page using the IIS authentication procedures to only allow the Admin user access it.

Hope this helps.

 

[FLB]

Sounds like the problem with the chicken and the egg.... How can you login to the admin page if you can not connect to the I-Server.... ;-)

The "Web Admin" features mostly allow you to define "Project Level Admin" settings. The extension to that are the Web-level admin settings. You can be a project-level admin and not have the right credentials to access the web admin section.

The username/password to use will be "OS" / "App Server" specific (i.e. not a MicroStrategy login). Make sure you install the product properly to prevent the "regular" users from accessing the admin section (either on ASP.Net or any other Java app server).

HTH,
FLB

 

[teccum]

Thanks MstrPrg and FLB for your reply.

MSTRPRG,
I understand one has to get connected to the M.D repository and to the server to add the I-Server and to login, into the projects. But my issue is the webadmin.aspx login page displays all the information including that of the settings. One of the reason is security. If a user tries to enter the same web page then he can also log into the web administrator and change the settings.

I went through the thread (TN5600-75x-1091) given by Mizh and changed the settings through the I.I.S, but still the webadmin page is displaying without asking for authentication. I do not know where I am going wrong on changing this setting or I think I am missing to do something in the process of changing this.


FLB.

What I meant to say is when I login initially to Mstr Web Administrator, the first page which displays should have a user id and password option. So, only the administrator can login into to the Web Administrator and do the web administration changes, such as security, server settings etc. In the current environment anyone who knows the web path can type that in the web address and get into that page. I have seen in earlier versions of 7.1, 6.0 and 5.0 versions where the adminstrator login page will display initially.

This is a issue and has we can find a thread which Mizh has mentioned in the Mstr Knowledge base.

thanks
teccum


thanks
teccum.

 

[FLB]

In our deployed environment, the admin site is protected. It should be protected! (we are using Web Universal here; in dev, we use Tomcat and the users that can access the admin page are users defined in Tomcat -> we get a popup window to enter UID/PWD)

If you are using Web ASP.Net, make sure you "tell" IIS that only this NT group can access the admin resource (might be transparent as it is using NT authentication by default -> no UID/PWD to enter but credential validated by NT anyway; if you change authentication mode to "standard", then you should see the popup window).

HTH!
FLB

 

[mizh]

Make sure that only authenticated users have access to Admin.aspx and anonymous users are not listed under the File Security tab in IIS. Reboot IIS.

If you're still having problems, you'll have to post screenshots of the IIS pane and the File Security tab settings. This problem is something that your IT people should be able to help you with though -- just ask your sysadmin how to restrict access to a specific web page to specific users.

 

[teccum]

FLB,

Thanks onceagain for your reply.

This is what I have done and I followed the steps.

Logged into I.I.S. ver 6.0.

Mstr web server has been installed in the following
directory.

WEBSITES:Intranet(website)\Modules\MS Reports\

It is under MS Reports folder all the MSTR web components were installed and it has all the web components folders.

Here are the steps which I did.

#. Navigated to the asp folder.

#. located the admin.aspx file.

#. Opened the Properties window for that file.

#. Navigated to "File Security" Tab in the properties
window of the file.

#. Selected (Edit option) for "Authentication and
Access Control Option".

#. checked the Enable anonymous authentication and gave
the username and password and applied it.

#. Under the "authenticated access area"
Integrated windows authentication was checked.
Digest authentication for windows domain server was
unchecked.
Basic authentication(password will be sent in clear
text) -- was unchecked.
.Net passport authentication unchecked.


***************

Now after these should I need to restart I-Server
or Webserver.

Should I do any other steps other than this.

Thanks
teccum.

 

[teccum]

All,

Just to update, I could not try further options on this subject, since my web administrator informed me that he will take care of restricting the access of the admin.aspx page to all the users. So it is possible to restrict the access of this admin.aspx page alone.

Thanks everyone.

teccum.