Configuration Parameters

By default, the security extension modules are installed when you install CCF. The security extensions are configured to operate under the Windows NTLM authentication protocol by default because this configuration matches the Scenario 1. Use of the modules is optional; however, if you choose to use them, you must configure the modules that you need.


The authenticationMode parameter value is located in the configuration file, AgentDesktop.exe.config, which is in the CCF installation directory. To understand how the parameter is used, open the config file in an editor, such as Visual Studio. The authenticationMode parameter, <add key="authenticationMode" value="Windows"/>, is located in the <appSettings> … </appSettings> section. In most cases, you will find this section at the end of the file.

The two values available for authentication Mode are:

  • Windows – This specifies standard, default Windows authentication as used in Scenario 1. In this mode, the agent logs on to the computer, and the logon credentials are used throughout the session. The ID application does not display a logon window when it starts.
  • Custom – This specifies that an authorization mode other than Windows is used, as in Scenarios 2 and 3. In custom mode, the agent logs on to the computer, and then must log on to the ID separately.

In Scenarios 2 and 3, the defaultProvider parameter identifies the provider for the AgentLoginManager Web service. The defaultProvider value is located in the Web.config file for the AgentLoginManager, which is located in <InstallDir>\Inetpub\wwwroot\Microsoft.Ccf.Csr.WebServices.ContactCenter.AgentLoginManager

The default provider section uses the following pattern.


                    <providers>
<add name="name" type="type" connectionString="Connection String"/>
</providers>

                  

There are two default providers for this Web service:

  • WindowsAuthenticationProvider – This provider compares the logon data with the authentication data that is stored in the CCF Active Directory. This provider is used in Scenario 2 described at the beginning of this section.
  • CustomAuthenticationProvider – This provider compares the logon data with authentication data stored on a third-party directory service or a non-trusted Active Directory. After the directory service verifies the authentication data, it passes the data to the CCF Active Directory. This provider is used in Scenario 3.

The following code is an example of the provider configuration XML code.


                    <!--Agent Login Manager-->
<Csr.WebServices.Providers.ContactCenter.AgentLoginManager.AgentLoginManager defaultProvider="WindowsAuthenticationProvider">
<providers>
<add name="WindowsAuthenticationProvider" type="Microsoft.Ccf.Csr.WebServices.Providers.ContactCenter.WindowsAuthenticationProvider,Microsoft.Ccf.Csr.WebServices.Providers" connectionString="Server=CCFSQL;Integrated Security=true;Database=CCFInfrastructure;Pooling=false"/>
<add name="CustomAuthenticationProvider" type="Microsoft.Ccf.Csr.WebServices.Providers.ContactCenter.CustomAuthenticationProvider,Microsoft.Ccf.Csr.WebServices.Providers" connectionString="Server=CCFSQL;Integrated Security=true;Database=CCFInfrastructure;Pooling=false"/>
</providers>
</Csr.WebServices.Providers.ContactCenter.AgentLoginManager.AgentLoginManager>

                  

The ID reads any changes to the AgentDesktop.exe.config file, and it operates according to the changes. However, if the project is rebuilt, the binaries are created in the Agent Desktop bin\debug or the bin\release folder. In the process, the original, unchanged App.config file from the project code is copied to the output folder as AgentDesktop.exe.config. ID will use this configuration file if it runs from the output directory.


The VerifyCredentialsAgainstIIS parameter tells CCF to verify the credentials before they are stored in the ID. This parameter is used in Scenario 3 to check the logon credentials that the agent supplied against the credentials in Active Directory. If they are valid, the credentials are passed on to the AgentLoginHelper Web service.

This parameter is not used Scenario 1 because Active Directory performs the authentication directly.

This parameter is also unnececessary in Scenario 2, because if you set this parameter to true, Active Directory checks the credentials twice, which is redundant.

The parameter <add key="VerifyCredentialAgainstIIS" value="true"/> is found in the <appSettings> section of the Web.config file for the AgentLoginManager. The value “true enables the verification, and “false disables the verification. The config file is located in the following folder: <InstallDrive>\Inetpub\wwwroot\Microsoft.Ccf.Csr.WebServices.ContactCenter.AgentLoginManager


In Scenario 3—which uses third-party authentication—these two parameters point to the URI of validator_assembly and to validator_assembly_type. They are located in the Web.config file of AgentLoginManager.

In Scenario 3, the third-party authentication implements the interface Microsoft.Ccf.Csr.ICustomLoginValidator. A sample implementation of third-party authentication is provided in the source code. The sample is located in: <InstallDir>\ProgramFiles\MicrosoftCCF2009\SourceCode\Microsoft.Ccf.Samples.Csr.AgentDesktop\Microsoft.Ccf.Samples\Csr\CustomLoginValidator.

The following is an example of an <appSettings> section that contains all three parameters: VerifyCredentialsAgainstIIS, Validator_assembly_URI, and Validator_Assembly_Type.


                    <appSettings>
  <!-- Flag to decide whether to verify the credential against IIS or not -->
  <add key="VerifyCredentialAgainstIIS" value="true"/>
  <!-- This should point to the third party custom authentication provider dll. 
      -->
  <add key="validator_assembly_URI" value=" C:\ CustomLoginValidator\bin\Release\Microsoft.Ccf.Samples.Csr.CustomLoginValidator.dll "/>
  <!-- This should point to the third party custom autentication provider assembly type. -->
  <add key="validator_assembly_type" value="Microsoft.Ccf.Samples.Csr.CustomLoginValidator.CustomLoginValidator"/>
</appSettings>

                  

Show: