
Adding Security Providers to a .NET Search Interface

A Coveo .NET Front-End search interface can get and pass to the Coveo Back-End server the identity of the user performing a query so that only documents this user has permissions to see are returned in search results.

Sometimes a user needs to search using multiple user identities at the same time. You can allow a user to do this by associating one or more security providers to the .NET search interface. When one or more security providers are added to a .NET search interface, a lock icon appears in the top-right corner of the .NET search interface to allow the user to access a login form where they can enter additional credentials (see Providing Additional Credentials to Search More Content in .NET Search Interfaces).

Example: A user is logged in with their Windows account and accesses the All Content .NET search interface in a Coveo Web access point. The user's queries return only documents that their Active Directory account has permissions to see, not Claims-enabled SharePoint documents that the user should legitimately see.

You add the SharePoint Claims security provider to the .NET search interface. The user can log in to provide their SharePoint Claims credentials. When this is done, both their Active Directory and Claims identities are passed to the Back-End server so that Claims-enabled SharePoint documents can also be returned in the search results.

Notes:

  • You must first configure the security provider in the Administration Tool (see Adding or Modifying a Security Provider).

  • The login form requires a secured .NET search interface access (HTTPS). When the search interface is accessed via HTTP, the login form includes a message indicating that HTTPS must be used.

  • Coveo .NET Front-End 12.0.295+ (August 2013): The username and password are sent to the server via the SSL connection, and an authorization token (not the username and password) is stored in an end-user browser cookie. By default, the cookie expires when the user closes the browser. To avoid having to log in for each new browser session, the user can select the Keep me logged in check box, which makes the cookie valid for one month.

  • When adding a Claims SharePoint security provider, ensure that the Coveo web service is installed on a SharePoint front-end server to allow the login to work (see Installing the Coveo Web Service, Search Box, and Search Interface into SharePoint).

To add security providers to the .NET search interface

  1. Access the Coveo .NET Front-End Interface Editor (see Opening the .NET Interface Editor).

  2. Access the Search Interfaces tab.

  3. Select Advanced > Security Provider.

  4. Click Add New.

  5. In the Edit Security Provider page:

    1. In the Title box, enter a descriptive name for the security provider. This name appears in the lock icon pop up window and in the login form.

    2. In the Security Provider drop-down list, select the appropriate security provider.

      Example: For Claims-based SharePoint server, select your Claims security provider.

      Note: The Security Provider list contains only security providers of types that support the login feature. By default, only Active Directory is available. Ensure that one or more valid security providers of a type supporting the login feature are configured in CES.

    3. Select the Automatically Ask to Login check box when you want to automatically display the login form in the search interface when a user starts a search session.

      It is generally recommended to select this check box so that users are systematically prompted to provide their additional credentials and all search results to which they are entitled are returned. When the check box is cleared, the user must know and remember to manually click the lock icon on the search interface top bar to open the login form and enter their credentials.

      Notes: The Login or Cancel user actions are persisted on a per-user, per-browser basis. As long as a user is using the same browser session, they will not have to log in again or cancel an automatic form. For security reasons, only an authorization token provided by CES is stored in a browser cookie, not the entered Username and Password.

    4. Click OK.

  6. It is recommended to configure IIS to force an HTTPS search interface connection or automatically redirect HTTP to HTTPS to prevent users from seeing the login form error message (To login, your browser must connect via HTTPS (secured HTTP connection).) and having to manually change the search interface URL from http:// to https:// (see IIS7 : HOW TO force a website to use SSL? and HTTP Redirects <httpRedirect>).
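
An added example, not taken from the Coveo documentation: a web.config fragment for the IIS site hosting the search interface that redirects any HTTP request to the same URL over HTTPS, so the login form is only ever served on a secured connection. It assumes the IIS URL Rewrite module is installed and that the site already has an HTTPS binding with a valid certificate; the rule name is arbitrary.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Assumption: IIS URL Rewrite module is installed on this server. -->
        <rule name="Redirect HTTP to HTTPS" stopProcessing="true">
          <!-- Match every request path under this site. -->
          <match url="(.*)" />
          <conditions>
            <!-- {HTTPS} is OFF when the request arrived over plain HTTP. -->
            <add input="{HTTPS}" pattern="^OFF$" />
          </conditions>
          <!-- Keep host and path; the query string is appended by default. -->
          <action type="Redirect"
                  url="https://{HTTP_HOST}/{R:1}"
                  redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

After applying the rule, request the search interface with an http:// URL and confirm that the browser lands on the https:// address and that the login form no longer shows the HTTPS error message.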

What's Next?

Go back to the search interface, refresh the page, and then log in with your additional identity to validate that you can now find documents secured with this additional identity (see Providing Additional Credentials to Search More Content in .NET Search Interfaces).
