Securing logons and authorization persistence

The following information helps you control user logon behavior and troubleshoot logon issues.

Conflicts from shared Windows logins

iMIS employs the ASP.NET login controls and uses HTTP cookies for state information. If two different iMIS users share the same Microsoft Windows login on the same client system, iMIS features that use cookie data may appear to confuse one user with the other. To avoid this problem, always ensure that every iMIS user has a unique Windows login.

Authorization persistence: web clients

By default, web client users can make their authentication record, and therefore their authorization, persistent. To disable this option, edit the Web.config file used for the iMIS application. iMIS Desktop users, by contrast, must always log on and be reauthorized each time.

Authorization changes: locating and disabling

By default, users are allowed to change their own logon name and password. To prevent users from changing their logon name, edit the Web.config file used for the iMIS application and set the AllowUsernameChange system parameter to false. The option to change their password cannot be disabled.

  • iMIS Desktop users can change their own logon name and password through the File > Change Password option, which displays the Enter new Logon or Password window.
  • Full and Casual users can change their own logon name and password through the Contacts tab.
  • Public users can change their own logon name and password through the account page if it contains the Change Logon Password content item.
  • Full users who belong to the SysAdmin role can change the logon name and password for other users through the System Setup feature of iMIS (from System Setup, select Security administration > Users).

About ODBC connections

The iMIS Desktop client uses information returned by an iMIS application server's ASP.NET authentication store to create an ODBC DSN for the database associated with that application server. So, iMIS Desktop users only need the URL of an application server with an instance of the iMIS application to ensure that they are using the correct iMIS database.

Removing user logon names

When you remove a logon under User Credentials by selecting the "-" button and then attempt to add the same logon back using the "+" button, the contact gets two security records in iMIS. You can verify this problem by searching by username. A contact who has more than one security record cannot log on. If this happens, find the original username for the user, select the play button for that user, and then save the user record. This action deletes the records that need to be cleaned up and allows the user to log on again.