Database Authentication - AppGeo/GPV GitHub Wiki

In this GPV authentication mode users are authenticated based on account data stored in the GPVUser table. The GPV will present a login page to unauthenticated users.

IIS Virtual Directory Settings

For IIS for Windows Server 2012:

Bring up the Features View for the virtual directory containing your GPV instance and select the following settings:

IIS > Authentication
Anonymous Authentication - Enabled
ASP.NET Impersonation - Disabled
Forms Authentication - Enabled
Windows Authentication - Disabled
IIS > SSL Settings
Require SSL - Checked

For Older IIS Versions:

Bring up the property page for the virtual directory containing your GPV instance and select the following settings:

In Directory Security > Authentication and Access Control > Edit...
check Enable Anonymous Access
uncheck Integrated Windows Authentication
In Directory Security > Secure Communications > Edit...
check Require Secure Channel (SSL) - the GPV will have to be accessed using the HTTPS protocol

Web.config Settings

Set FormsAuthenticationMode in <appSettings> to "database".
Uncomment all sections in <system.web> labeled Database Authentication. These include:
<authentication mode="Forms"> with no user credentials
<authorization> denying access to anonymous users

Password Security

Passwords can be stored in the GPVUser table as either clear text or a 40-character hexadecimal hash value. If you would like to protect a password, do the following:

In a web browser, start the Admin/Hash.aspx page of your GPV (it will not require a login).
Select "Generate hash for a password to be stored in the GPVUser table".
Type in the desired password and click "Hash".
Copy the generated hash value and paste it into the ''Password'' column of GPVUser.

You can have a mix of both clear text and hashed passwords in GPVUser.

Administrative Login

Be sure to create a login for yourself in GPVUser with the admin role so that you can access the administrative tools.