11.0
© 2014 ABBYY Production LLC. All rights reserved.
52
1. Standard IIS authentication. Users are authenticated with their Windows accounts using Windows or Basic
authentication in IIS. Then users’ identification in ABBYY FlexiCapture is performed according to their logins.
This method requires minimal configuration and is suitable for scenarios where all FlexiCapture components
and users are in the same domain.
If the whole system or some of its components are outside of the domain, then a pass-through authentication
should be used for the standard IIS authentication. The general principle of the pass-through authentication
is as follows: for the user of the computer M2 working under the local account M2/User[password] to be au-
thorized on the computer M1, this account should be duplicated on the computer M1 down to the password
(that is, M1/User[password] should be created).
Example of using pass-through authentication
Suppose the Processing Station is installed on the computer M1 which is not included in the domain of the
Application Server. In this case, a local user M2\User[password] must be created on the computer M2 where
the Application Server is installed and the same local user must be created on the computer M1:
M1\User[password]. Then the service of the Processing Station must be started under the
M1\User[password] account. Now the Processing Station can be authenticated on the computer where the
Application Server is installed.
Note: If the Application Server is installed outside the domain, the setup may be time-consuming. You will
need to start the IIS pools and the services of the Application Server and the Processing Stations under spe-
cially created local Windows accounts and configure pass-through authentication for these users on all com-
puters of the system.
2. Authentication by means of ABBYY FlexiCapture. In this case, the FlexiCapture Authentication Module is in-
stalled in IIS. This module performs user authentication based on information which is stored in a
FlexiCapture database. This allows you to use user accounts which are not related to Windows user ac-
counts.
This method is convenient for users located outside the domain where the Application Server is installed, e.g.
for operators who work remotely over a Web-based interface.
If this authentication method is used, a Web-based interface for login to the system (http://<server
name>/login) is also installed. This is a single entry point for Web operators which new operators can use to
self-register in the system and request access rights to stations.
Users of interactive processing stages (e.g. scanning, verification, etc.) can use both types of authentication. The Pro-
cessing Server and Processing Stations can work only with standard IIS authentication.
Note: In IIS, requests to the Application Server are processed by the <Default
Site>\FlexiCapture11\Server\WebServices.dll library, which is available both with Windows and Basic authentication.
During the installation of the FlexiCapture Authentication Module, the <Default
Site>\FlexiCapture11\Server\WebServicesExternal.dll is also installed. This library is a copy of WebServices.dll, but it
is available when using ABBYY FlexiCapture authentication. Thus, the Application Server is available to all system
components at the same time both with standard authentication and with FlexiCapture authentication. When the user
on whose computer the stations are installed tries to open a project, he is prompted to choose which authentication to
use to access the Application Server. Web-clients can also work with both authentication types; the type being used is
determined by using the key UseCustomAuthentication in the file web.config on each Web station: if the key is set to
true, authentication is performed by means of ABBYY FlexiCapture, if the key is set to false, standard means of au-
thentication is used. By default, the key is set to false if the FlexiCapture Authentication Module is not installed, oth-
erwise the key is set to true.
To use only standard IIS authentication (the first method), the Authentication Module feature must be disabled during
the installation of FlexiCapture servers (the feature is disabled by default). To use ABBYY FlexiCapture authentication
(the second method), this feature must be selected when installing servers, or you can install it later via the Control
Panel (select Control Panel -> Program and Features -> Modify).
Creating a database
After you install the program and activate the license, it is necessary to configure the system. The first step is to create
a database.
Important! Under Windows Vista, Windows 2008 or later versions of the Windows operating system, a database must
be created with UAC disabled. If UAC is not disabled, a database can be created, but the Application Server will not
be able to connect to it.