We want to provide access to a Trim dataset over the Internet via Webdrawer. If the user's have to login that's fine. For this to work you would install Webdrawer on an IIS server obviously. Now I believe the workgroup server components are required. Is this because Webdrawer uses the Trim SDK to connect to the dataset? If so, why can't you just install the minimal client install? What do the server components provide to Webdrawer that the client components do not. The SDK dlls are there for client installs that I've seen.
Now in our scenario we want Webdrawer to connect to a remote Trim server as we don't want Trim along with services and it's document store on the IIS server. Can this be done? As long as the Webdrawer server can get to port 1137 will this work? How will authentication work if we torn on basic authentication in IIS? Will Webdrawer be able to present that user to a remote Trim server? Where do the users need to be created?
Or should the Trim services be installed and used on the IIS/Webdrawer server in this scenario and only the document store and database be located remotely.
Well I set this up so that Webdrawer is on one IIS machine in one subnet running in a Windows Workgroup (no domain). Then in another subnet under a different Windows Workgroup where we have SQL Server and the document store I installed a Trim Workgroup Server. We want to do this so as to separate out the Trim Services and the document store from being on the IIS machine. We want to do this as we want to host an over the Internet web based application that connects to Trim. And we want users to be able to use Webdrawer to view and search for their records. However when I go to the IIS/Webdrawer server and click on the Webdrawer ISAPI Configuration tool to setup the dataset that Webdrawer will connect to I can enter the IP address of the Trim Workgroup server and it turns bold but when I hit the Next button I get the following error in a dialog box.
Remote: Unknown error.
Firewall is fine as I made a change to allow port 1137 from the Webdrawer machine to the Workgroup Server and I've watched as the connection is made so that's fine. I only found one article about this and I've listed it below. Is this error happening because Webdrawer is not in the same domain/workgroup as the Workgroup Server? Can this work? If not is a solution to have a Workgroup Server in the same Windows Workgroup, but still separate machine, from Webdrawer so as to keep the separation?
I set the password of the user I was setting up Webdrawer with to be the same as the user's password over on the Trim server. For instance I was logged in as administrator. I changed the administrator's password to be the same as the administrator on the other server. Got past this portion. Used this post for the solution.
Now I get a prompt when I first go to the Webdrawer site. I put in my credentials and get the Webdrawer site. All looks good. However when I do a search I get another prompt. Gotta figure this next part out. Last time I got this I needed to make sure the Webdrawer app pool was running as the Network Service account as the manual says. I've already got that set up so this is a new issue.
Maybe in the old Webdrawer standalone. This is Trim 7.1 and therefore Webdrawer ISAPI.
The second prompt I figured out why. IIS is passing the user "ANONYMOUS LOGON" over to the Trim server as I'm in a double hop scenario. And IIS is not going to pass Windows credentials over there and therefore I guess that is why it's passing ANONYMOUS LOGON. If I go into Trim and set a user to be mapped to an operating system user called ANONYMOUS LOGON then the search seems to work. Obviously this is not ideal. What's strange is that this works only if I log onto IIS as the administrator which I installed Webdrawer as. Even if I connect as another administrator I get prompted again and it doesn't work.
Can Webdrawer utilize the new delegation available in Trim for the Webclient in a double hop environment? Any hints on getting around this problem?
Well we just turned on anonymous authentication, set it for a specific operating system user, disabled Windows Authentication, and in Trim have a user mapped to the operating system user. Works but no prompts, no authentication being done and really no security.
I thought that's how Webdrawer is supposed to work: General anonymous (ie. public) access that you set up with a read only or restricted user location. If you need more locked down internet access, I think you'll have to use a different web implementation like Ice or Web Server.