M-Files | 3. System Administration | 227
Web and Mobile Access
M-Files Web provides a way of accessing your document vaults via a web browser. It is thus possible to use M-Files on any computer that provides the capability for web browsing.
The M-Files Web interface is managed with the M-Files Server computer. In a normal implementation, M-
Files Web is set to listen on TCP port 80 for the HTTP protocol, but there are other possibilities as well. For more information, contact M-Files customer support.
M-Files Web has been implemented with standard languages, such as HTML, DHTML, JavaScript, and
CSS. This makes it possible to use M-Files with various browsers, among them Chrome, Internet Explorer,
Mozilla Firefox, Opera, and Safari. Please see the
System Requirements and Technical Details on page
179 for details.
Enabling the Necessary Internet Information Services (IIS) Components
The following Internet Information Services (IIS) components need to be enabled on the M-Files Server computer before web and mobile access can be enabled:
• ASP.NET features
• Dynamic Content Compression
• Windows Authentication
• IIS Metabase and IIS 6 configuration compatibility
• Static Content
1. In Microsoft Windows open Control Panel and then open Programs and Features.
The Programs and Features dialog is opened.
2. On the task pane on the left, click Turn Windows features on or off.
The Windows Features dialog is opened.
3. Navigate to Internet Information Services > World Wide Web Services and enable the Common
HTTP Features feature.
4. Navigate to Internet Information Services > World Wide Web Services > Application Development
Features and enable the ASP.NET features.
5. Navigate to Internet Information Services > World Wide Web Services > Performance Features and enable the Dynamic Content Compression feature.
6. Navigate to Internet Information Services > World Wide Web Services > Security and enable the
Windows Authentication feature.
7. Navigate to Internet Information Services > Web Management Tools > IIS 6 Management
Compatibility and enable the IIS Metabase and IIS 6 configuration compatibility feature.
8. Navigate to Internet Information Services > World Wide Web Services > Common HTTP Features and enable the Static Content feature.
9. Click OK to close the Windows Features dialog.
You should now have the neccesary components installed and you are ready to enable web and mobile access on the selected server computer.
M-Files | 3. System Administration | 228
Enabling Web and Mobile Access
M-Files Web uses Microsoft Internet Information Services and .NET framework version 4.0 (or higher).
These applications must be installed on the computer running the M-Files Server in order to enable M-Files
Web.
1. Open M-Files Admin on the server computer on which you intend to host web and mobile access.
2. In the left-side tree view, expand the desired connection to M-Files Server.
3. Still in the left-side tree view, right-click the connection and select Configure Web and Mobile
Access... from the context menu.
The Configure Web and Mobile Access dialog is opened.
4. Select one of the following options:
Select the option...
If you want to...
Modify an existing web site
Modify an existing M-Files Web site. Select the existing site using the Web
site drop-down menu.
Create a new web site
Create a new M-Files Web site within IIS. Enter the name of the site in the
Name field and the TCP for connecting to the site in the TCP port field.
The TCP port is 80 by default as it is the most common TCP port for web
M-Files | 3. System Administration | 229
Select the option...
Create a new virtual directory
If you want to...
servers. If you use any other port, you need to indicate the port in the URL
( http://<domain name>:<port>
) to access the site.
Create a new M-Files Web site under a virtual directory within an existing web site. Use the Web site drop-down menu to select the preffered existing web site and, in the Name field, enter the name of the virtual folder. The
URL for accessing the site is thus http://<domain name>/<virtual
folder name>
.
5. Click OK to close the Configure Web and Mobile Access dialog.
You should now have web and mobile access to the vaults under the selected connection. You can test to see if your site is online by typing the URL of your site into your web browser.
M-Files Web Publication Settings
When documents are published online for customers or other interest groups, it is usually a good idea to hide some of the object properties. For example, if the user has read-only access, the functions for editing need not be displayed at all. With the publication settings, the users can be granted suitable and sufficient functions that facilitate and simplify accessing and processing the published information.
Note: You can use the Get Hyperlink function in the task area when you want to send a link to the document from the M-Files Web interface.
Site for definition of the publication settings (site and vault specific)
You can specify different publication settings specific to the site and vault by using a separate configuration site.
Log in to the configuration page by using your company's M-Files Web URL (for instance "http:// www.publications.company.com") and by adding "/configuration.aspx" at the end of the address. For example, "http://www.publications.company.com/configuration.aspx". If you have already logged in to M-
Files Web in the browser, M-Files does not ask you to log in again.
Note: You must have system administrator's rights in order to be able to edit the publication settings
Site-specific settings
From the site-specific settings, you can make selections that apply to the configuration site and all vaults of the site.
M-Files | 3. System Administration | 230
Figure 66: The publication settings configuration site.
Restrict access to configuration pages
You can specify the configuration site to be accessible for a certain IP address range only. Access to the configuration site is usually allowed only for connections from inside the company.
Display options
Page title: You can freely name the page of the web site you are offering. The default title is "M-Files Web".
Language: By default, M-Files uses Automatic as the language selection. This means that the M-Files
Web language is determined by the language of the user's browser settings. If the language in the browser settings is not supported by M-Files, the language installed on the M-Files server will be used.
Alternatively, you can set a Specific language to be the M-Files Web language. For example, if your company's instructions refer to functions that are in English or the users work in different languages, you can specify English as the M-Files Web language. You can choose from all languages supported by M-
Files.
Note: This applies to the user interface language only. For the full M-Files Web experience to be in the language defined by a specific user, four prerequisites need to be met:
• The vault has been
localized to the target language on page 297.
•
The vault language has been set for the vault user
on page 196.
• The language setting has been set to Automatic as described further above.
• The language preference settings of the user's browser have been set to the desired language.
For more information, see this W3C article .
Windows SSO
With Windows authentication enabled, M-Files Web can automatically use the user's Windows credentials for login. The administrator can configure the single sign-on (SSO) setting so that the login credentials are no longer required when users navigate to M-Files Web.
M-Files | 3. System Administration | 231
The automatic authentication is disabled by default, but can be enabled by setting the single sign-on value to Use automatically. Alternatively, the choice of using single sign-on can be displayed on the login page by selecting Show on login page.
Force M-Files User Login
Select this setting if you do not want to display the Windows login option to users. Then the user does not have to consider which login option is appropriate and M-Files suggests logging in as an M-Files user. For data security reasons, it may be advisable to disable Windows login in some cases.
Note: This does not prevent logging in to the configuration site with your Windows user account.
Automatic Login
Select Automatic Login and enter the authentication information if you do not wish to require the users to enter their user ID for M-Files Web. This means that any user can access the site's vaults if authorized by the user ID.
Authentication (username, password and domain): If automatic login is enabled, this is the authentication information that M-Files uses for the automatic login. If you want M-Files to offer a specific ID for the user by default, save the default ID in the authentication information and disable automatic login. The user is still able to use other IDs, possibly granting more extensive web-based access.
Vault: You can also specify the vault to which the user is to be connected to. If the vault is not specified, the users can see all the vaults accessible with the credentials.
Vault-specific settings
You can specify, for example:
• Whether the vault is to be available for use via M-Files Web.
• The vault-specific default view.
• The configuration of the vault user interface.
Allow access to this vault
Select this if you want the vault to be accessible via M-Files Web.
Note: In order to use a vault, the user must always have permissions for that vault.
Default View
You can specify which view is to be opened by default. The home view is opened by default.
Layout
You can choose the layout elements to be displayed – or hidden – in the vault. You can, for instance, hide the task area or choose to display the listing area only.
Prevent navigation outside default view
You can prevent navigation beyond the default view by choosing Prevent navigation outside default view.
In this case, navigation is not possible, even if the breadcrumb is used.
M-Files | 3. System Administration | 232
Default search criteria and settings
You can select whether the latest search criteria and settings selected by users are to be kept or if you would prefer to use a specific criterion and setting. The same options as in M-Files Desktop are available.
Navigation within the vault
You can display or hide the top menu (New, Operations, and Settings) and/or breadcrumb.
Note: When M-Files Web is displayed in the "Listing pane only" mode, object metadata and search functions are hidden from the users. This allows the users to only read and edit objects displayed in the listing pane, according to their permissions.
Vault controls
These settings allow you to control which functions are available for the users of the vault.
• Save view settings. If several users have the same user ID (for example, during automatic login), it is recommended to prevent saving of the column settings.
• Workflow shortcut in properties pane.
• Checkout prompt. If the M-Files Web users are granted read-only access and no edit permission, displaying the Check Out dialog is not necessary.
• Hidden properties. Some properties may be hidden from external users. In these cases, the information
(hidden) is displayed in the properties pane or on the metadata card. It is recommended to hide this
(hidden) information.
• State transition prompt.
• Save search terms.
• Context menu.
• Advanced Search.
• Search in right pane. With this option enabled, the search functions can be placed into the right pane.
Task area operations
The options in the task area settings allow you to decide which links are to be displayed in the task pane.
Note: If you hide the New commands, users cannot create new objects. Additionally, if the View
and Modify commands are hidden, they are not accessible via the context menu either.
Example: Modifying the Appearance of M-Files Web
1. Open the M-Files Web configuration page by entering the URL http://<Your M-Files Web
domain>
/configuration.aspx
into your web browser and then enter your credentials if you are not already logged in.
If you are already logged in, you will be redirected directly to the configuration page. Otherwise the configuration page will be opened after the login screen.
2. From the left-side tree view, under Vault-specific settings, expand the additional settings of the vault that you want to modify by clicking the arrow before the vault icon.
3. By clicking the folder beneath the selected vault in the left-side tree view, select the category that you want to modify:
M-Files | 3. System Administration | 233 a. Select the Controls folder, if you want to show or hide various M-Files Web user interface controls.
or b. Select the Task area folder, if you want to show or hide various elements on the M-Files Web task area.
4. Select the Show or Allow radio button for the elements that you want to enable.
If you want to show the Log Out button on the task area, go to the Task area settings, and select Show for the Log Out option.
5. Select the Hide or Disallow radio button for the elements that you want to disable.
Document-Specific Publishing via a Web Link
You can use M-Files for sharing documents with interested parties through direct web links. This feature makes it possible to, for example, provide a company web site with a direct link to a price list in M-Files.
The link can be made to always refer to the latest version of the document, to be able to provide up-to-date information at all times. The link works in the same way as any ordinary web URL.
Normally, M-Files Web always requires a login name and a password to be entered. However, if the system is used for publishing, it may often be necessary to allow users to view documents without entering any credentials. To enable this, M-Files can be set to use a predetermined login account with, for example, read permissions for certain documents.
Enabling document-specific publishing via a web link
In order to enable document-specific publishing via a web link, the following steps have to be taken:
1. Create a login account, such as Publishing, on the server. Select M-Files authentication as the authentication method, and enter a password and other necessary data.
For instructions, see Creating a Login Account for Publishing
on page 233.
2. Assign the user to the desired document vault and define the user as an external user.
For instructions, see Assigning the Login Account to the Desired Vault
on page 234.
3. Provide the user with read permissions for published documents.
For instructions, see Providing the User with Read Permissions to Published Documents on page
234.
4. Enable the login account to log in automatically.
For instructions, see Enabling the Login Account to Log In Automatically on page 235.
5. After this you can create direct web links to the vault.
For instructions, see Creating Direct Web Links
on page 236.
Creating a Login Account for Publishing
In order to allow users to view documents without entering credentials, you must first create a login account that will be used to automatically log in to a specific vault.
1. Open M-Files Admin on the M-Files Server computer used for publishing content.
2. In the left-side tree view, expand the desired connection to M-Files Server.
M-Files | 3. System Administration | 234
3. Highlight the Login Accounts node and click New Login Account... on the task pane.
The Login Account Properties dialog is opened.
4. In the Username field, enter a suitable username for the login account, such as
Publishing
.
5. Select M-Files authentication as the authentication method, and enter a password of your choice in the Password and Confirm password fields.
6. Optional: Enter personal information of the login account in the Full name and E-mail fields.
7. Using the License type drop-down menu, select a license type for the login account.
8. Click OK to finish creating the login account.
The newly created login account is added to the Login Accounts list.
Assigning the Login Account to the Desired Vault
Next, the login account needs to be assigned to the vault that contains the published documents.
1. Open M-Files Admin on the M-Files Server computer used for publishing content.
2. In the left-side tree view, expand the desired connection to M-Files Server.
3. In the left-side tree view, expand Document Vaults, then expand the desired vault and finally select the
Users node.
4. Click New User... on the task pane.
The User Properties dialog is opened.
5. Using the Login account drop-down menu, select the login account that you previously created.
6. Check the External user check box.
7. Optional: Check the User cannot create documents or other objects check box, if you wish to prevent users from creating documents or other objects with this user account.
8. Optional: Check the User cannot create or modify check box, if you wish to prevent users from creating or modifying traditional folders with this user account.
9. Click OK to finish creating the user.
The user is added to the Users list.
Providing the User with Read Permissions to Published Documents
The user needs to be provided with appropriate permissions in order to access published documents.
1. Open M-Files Admin on the M-Files Server computer used for publishing content.
2. In the left-side tree view, expand the desired connection to M-Files Server.
3. In the left-side tree view, expand the document vault of your choice.
4. In the left-side tree view, select the Named Access Control Lists node under the selected vault.
5. Either:
M-Files | 3. System Administration | 235 a. Click New Named Access Control List... to define a new named access control list containing read permissions for the newly created user account.
or b. Double-click an existing named access control list on the Named Access Control Lists list to define read permissions for the newly created user account.
The Named Access Control List Properties dialog is opened.
6. If you are creating a new named access control list, enter a suitable name for it in the Name field.
7. Click Add... to add the newly created user to the Users and user groups list.
The Select Users or User Groups dialog is opened.
8. Select the newly created user from the Users or user groups list and click Add to add the user to the named access control list and to close the Select Users or User Groups dialog.
9. Back in the Named Access Control List Properties dialog, highlight the newly added user and provide the user the following permissions using the check boxes below in the dialog:
Permission Allow / Deny
Change Permissions
Delete
Deny
Deny
Edit
Read
Deny
Allow
10.Optional: If your named access control list already has all permissions set to Allow for the All internal
users user group, you can skip these steps. Do the following steps to allow all permissions for All
internal users: a) Click Add... to add the All internal users user group to the Users and user groups list.
The Select Users or User Groups dialog is opened.
b) Select All internal users from the Users or user groups list and click Add.
c) Highlight All internal users on the Users and user groups and check the Allow check box next to the All option on the Permissions list.
11.Click OK to close the Named Access Control List Properties dialog.
12.Assign the named access control list you just created or modified to all the public documents intended to be accessed without credentials.
If you have created a new named access control list, it is added to the Named Access Control Lists list.
Otherwise your changes are saved to the existing named access control list that you have modified.
Enabling the Login Account to Log In Automatically
To make it possible to view published documents without logging in, M-Files must be set to log in automatically through M-Files Web. This way, published documents can be viewed without entering a username and password.
Before you begin, make sure M-Files Web is configured properly. For more information, refer to
Web and
Mobile Access
on page 227. To ensure sufficient permissions, an unlimited read-only license is required.
M-Files | 3. System Administration | 236
1. On the M-Files Server computer, use Registry Editor to create the following registry key, where
<version>
is the M-Files version number (for example 11.1.4310.92) and
<web site ID>
is a unique ID assigned to the M-Files Web site by Internet Information Services (IIS):
HKEY_LOCAL_MACHINE\SOFTWARE\Motive\M-Files\<version>\Server\MFWA\Sites
\<web site ID>\
• If there is only one web site, the site ID is usually 1.
• If the M-Files Web site is running in the virtual directory of the web site, add a colon and the name of the virtual directory after the site ID. For example, if the application is accommodated in the M-Files Web virtual directory of this single web site, the web site ID is
1:MFWA.
• The IIS server software in Windows 2003 displays the ID as one column.
2. Specify the registry key values to be used for automatic login. The table below lists the values available for specification.
Value
Domain
Password
UserName
Vault
WindowsUser
Type
REG_SZ
REG_SZ
REG_SZ
REG_SZ
REG_DWORD
Description
If the authentication method used is Windows authentication, use this value to specify the domain.
Login password.
Login account name, for example "publishing".
The document vault ID. The value can be for instance
{A8DCB561-913F-4318-
A276-E7E171EAFBE6}
. The value can be found in the
Document Vault Properties
window of M-Files Admin.
Specifies the authentication method. 0 means M-Files authentication, 1 means
Windows authentication.
3. Close Registry Editor.
The selected login account can now be used to automatically log in to M-Files Web and the account can be used for accessing published documents without entering a username and password.
Creating Direct Web Links
Once automatic login is enabled, you can create direct web links between, for example, the company web site and document files. The opening page, openfile.aspx
, can be assigned the following parameters:
Parameter
objtype docid
Description
Object type ID of the object to which the file to be opened belongs. This parameter is required. You can see the list of object type IDs by completing the first four steps of the
Creating a New Object Type
on page 330 task.
ID of the document containing the file to be opened. This parameter is required.
