Authentication

Because Infor Public Sector is adding files to a shared directory on a separate machine, it must use an account that is recognized by both servers for authentication. There are two ways to authenticate requests to the network share.

The first option is to use a single network account that has read/write privileges on the network share, such as a dedicated account called IPSAttachments. This can be done with or without ASP.NET impersonation.

  • If impersonation is disabled, the application pool identity is used for authentication. This means the application pool identity must be set to the IPSAttachments account.
  • If impersonation is enabled, the application pool uses the IPSAttachments account for authentication, rather than its own identity. Impersonation can be done at the root of the Infor Public Sector web application, or at page level.

The other option is to authenticate users individually. This means that each individual user must be granted read/write privileges on the network share, or added to a domain group that has read/write privileges. This method requires Windows authentication and SPN delegation between the machines.