Email authentication
The email authentication extension is an authentication component that provides a simple authentication mechanism.
Once ShareAspace web and the ShareAspace collection are configured to use the email authentication users will be asked to provide their email address on the login screen. After this the user is asked for a sign in code. Provided that the user existed in ShareAspace an email will be sent to that user containing a login code that can be used for a limited time.
Prerequisites
The installation of the ShareAspace email authentication extension requires to have a machine that is running a Web Server (IIS).
- Software prerequisites for a Developer login server (IIS)
Installation steps
Run the installer
Run installer EmailAuthentication-x.y.z.build.msi to install the ShareAspace Email authentication extension on a Web Server (IIS).
Configuration
The Email authentication component need configuration values set in the appsettings.json file found in the installation folder of the Email authentication (normally at C:\Program Files\Eurostep\ShareAspace\EmailAuthentication).
{
"Logging": {
"LogLevel": {
"Default": "Debug"
}
},
"AllowedHosts": "*",
"NovaConfig": {
"SymmetricKey": "iE3xB7qr...qbO129/zHq4l31z1hoGg==",
"EnableApiEndpoints": true,
"BaseAddress": "https://xyz.eurostep.com/EmailAuthentication",
"ServerAddress": "https://sashost:5001"
}
}
SymmetricKey- a symmetric key generated (that should be generated) - this key must be provided when registering the developer login extension on a ShareAspace collection.BaseAddress- the address where the developer login component is hosted.ServerAddress- the ShareAspace Host address.
SymmetricKey
The SymmetricKey key should be generated as described in the section
Generate Symmetric Signing Keys.
Extension registration
This component must be registered as a Nova Extension on a bootstrapped ShareAspace collection for it to work.
Note
The Email authentication component must be up and running during the registration process since a manifest exchange will take place between ShareAspace and the extension.
param (
[Parameter(Mandatory = $true)]
[string]$NovaHost,
[Parameter(Mandatory = $true)]
[string]$PersonalAccessToken,
[Parameter(Mandatory = $true)]
[string]$Extension,
[Parameter(Mandatory = $true)]
[string]$ExtensionApiKey
)
$uri = "{0}/collection/externalExtension/novaExtension" -f $NovaHost
$pat = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$PersonalAccessToken"))
$headers = @{ "Authorization" = "Basic $pat" }
$body = @{ "hostUri" = $Extension; "apiKey" = $ExtensionApiKey; "tokenLifeTime" = 15 } | ConvertTo-Json
Invoke-WebRequest -Method Post -Uri $uri -Headers $headers -Body $body -ContentType "application/json"
Example:
.\Setup-Extension.ps1 -NovaHost https://xyzWeb:5001 -PersonalAccessToken " ... " -Extension "https://xyz.eurostep.com/EmailAuthenitcation" -ExtensionApiKey " ... "
IIS settings
When installing the ShareAspace Email authentication, an Application Pool named "EmailAuthentication" is created in IIS. By default the account running the Application Pool is the built-in account "LocalSystem".
Note
If another account has to be used for running the "EmailAuthentication" Application Pool, this account running the "EmailAuthentication" Application Pool must have read access to the Email authentication installation folder.