After the EnergyCAP Enterprise Windows/LAN Client has been installed, it requires a connection to the EnergyCAP database.

Authentication and Authorization in EnergyCAP Enterprise is accomplished in a two-step process.  All program-specific users are stored in the EnergyCAP database. But a connection must first be established to the database before EnergyCAP can authenticate the user.  This topic describes the ODBC and Active Directory authentication and authorization options and processes.

Connection to the database - LAN:
When connecting to an EnergyCAP database in LAN mode, either set up an ODBC System DSN or use a Catalog Server.

If the Catalog Server is used, then there is no need to create an ODBC System DSN on the client PC.  When an ODBC System DSN is set up, it can be configured to use EITHER SQL OR Windows NT authentication.  If SQL authentication is selected, in most cases, the user account esuser will be used to make the connection to the database.  If an alternate user is desired, please contact Technical Support for assistance with the configuration of the client.ini in the EnergyCAP installation directory.

IMPORTANT NOTE: If NT authentication is used for the ODBC System DSN connection, the NT User cannot be part of a GROUP that is assigned a privilege to SQL Server. Each user will need to be assigned INDIVIDUALLY with security privileges to the EnergyCAP SQL Server database. This is because EnergyCAP verifies the SQL privileges of the user making the connection to the database itself before it allows them to Update Reports or create User Defined Fields, in order to determine if the necessary security roles are present.  This method does NOT work if the user making the connection is within a GROUP.  If the user is part of a GROUP with access, EnergyCAP does not grant the necessary permissions and will prevent those actions from occurring.
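One way to check the requirement in the note above before rolling out an NT-authenticated DSN. This is an added example, not EnergyCAP code; the server, database and account names are placeholders, and it reports roles without assuming which ones EnergyCAP needs.

```powershell
# Added example, not EnergyCAP code. Run from Windows PowerShell as a SQL Server
# administrator (other principals are only visible with elevated rights).
$ErrorActionPreference = 'Stop'
$Server   = 'SQLHOST01'       # placeholder: SQL Server instance
$Database = 'EnergyCAP_DB'    # placeholder: EnergyCAP database name
$Account  = 'EXAMPLE\jdoe'    # placeholder: NT user that opens the DSN connection

# sp.type = 'U' matches an individual Windows login only; Windows groups are
# type 'G' and are deliberately excluded. Login and database user join on SID.
$sql = @'
SELECT sp.name AS LoginName, dp.name AS DatabaseUser, r.name AS DatabaseRole
FROM sys.server_principals AS sp
LEFT JOIN sys.database_principals   AS dp  ON dp.sid = sp.sid
LEFT JOIN sys.database_role_members AS drm ON drm.member_principal_id = dp.principal_id
LEFT JOIN sys.database_principals   AS r   ON r.principal_id = drm.role_principal_id
WHERE sp.name = @acct AND sp.type = 'U';
'@

$conn = New-Object System.Data.SqlClient.SqlConnection
$conn.ConnectionString = "Server=$Server;Database=$Database;Integrated Security=SSPI"
$table = New-Object System.Data.DataTable
try {
    $conn.Open()
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = $sql
    [void]$cmd.Parameters.AddWithValue('@acct', $Account)
    $table.Load($cmd.ExecuteReader())
}
finally { $conn.Dispose() }

$rows = @($table.Rows)
if ($rows.Count -eq 0) {
    Write-Warning "$Account has no individual Windows login on $Server."
}
elseif (-not ($rows | Where-Object { $_.DatabaseUser -isnot [DBNull] })) {
    Write-Warning "$Account has a login but no individual user in $Database."
}
else {
    # One row per role held directly by the individual database user.
    $rows | Format-Table LoginName, DatabaseUser, DatabaseRole -AutoSize
}
```

A warning means any access the account has comes through group membership, which is the case the note says EnergyCAP does not accept.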

Connection to the database - WLAN:
EnergyCAP also offers a WLAN option which allows a connection using a Catalog Server and XML Data Provider to establish a connection between the client and the SQL Server.  In this case, Active Directory users should NOT be used.

Database Authentication:
Once a connection to the database is established, the EnergyCAP Enterprise client can then authenticate the user to the database.  In the case of Active Directory, the UserID is first compared to UserIDs in the EnergyCAP database.  If a match is found, the UserID and password are then compared to the user’s local Active Directory server to make sure they match.  In all other cases, the UserID and Password are compared to what is in the EnergyCAP database itself.

Database Authorization:
After a user is successfully authenticated to the database, the application checks the defined user authorization.  The authorization scheme is very granular, allowing for access/denied access to each “manager” in the program, and where applicable, each sub-authorization for those modules.  For example, a user can be given access to view reports, but not access to edit the settings on the reports. These authorizations are loaded into memory at runtime and destroyed when the program is terminated.

Active Directory Authentication with EnergyCAP

When using EnergyCAP there are two stages of authentication that must occur for the user to gain access to the database and begin using the program.

  1. The database connection used by the EnergyCAP application is authenticated by the database server.
  2. The EnergyCAP application authenticates the user in the database itself.

Both of these processes are now Active Directory-compliant. It is assumed that Active Directory authentication, whether to the SQL server or into EnergyCAP, will only be attempted on a computer that is already trusted by the domain, i.e., a computer that is joined to the domain.

Database Authentication:

EnergyCAP user names are stored in the SQL database. Therefore, for the login process to occur, the application must first gain access to the database and check that the username exists before determining how to authenticate the user. If enabled on the database server, the client machine can be configured to connect to the database server with NT Authentication, removing the need for a SQL user. Although EnergyCAP uses ADO connections for most data, ODBC connections are still required for Crystal Reports. Because of this, EnergyCAP retrieves the database, the server name, and whether the connection should be treated as "Trusted" from the ODBC properties when preparing the ADO connection. Therefore, if the ODBC DSN is set to use NT Authentication, the ADO connection will follow suit.

Application Authentication:

Usernames are set up inside of the EnergyCAP application. As users are set up, they can either be given an EnergyCAP password (Caesar Cipher) or be authenticated against an Active Directory domain. If the username is listed as being an Active Directory user, then that is the only way they can successfully authenticate to use the program.

To set up a NEW EnergyCAP user with Active Directory authentication:

  1. Add a new user from the Setup menu
  2. For the UserID, enter the user's exact Active Directory username without the domain suffix. This is case sensitive (limit 32 characters).
  3. Check the "Active Directory User" box below the user's full name
  4. Set EnergyCAP permissions as usual and press "OK" when complete.

The user is added, but authentication will be done via AD.

To change an EXISTING EnergyCAP user with Active Directory authentication:

  1. Edit the properties of the current EnergyCAP user
  2. Check the "Active Directory User" box below the user's full name
  3. Set EnergyCAP permissions as usual and press "OK" when complete.

The user's EnergyCAP password in the database is deleted and the user is set to use AD for authentication going forward. If the user is ever switched back to non-AD authentication, their password will have to be reset in the database using the "Password" button.

Logging into EnergyCAP with an Active Directory User

  1. From the login screen, enter the username and password of the Active Directory user (limit 32 characters for each).
  2. Select the correct datasource from the dropdown list.
  3. CHECK the box labeled Login using Active Directory.
  4. Enter the domain name into the box that appears. This is not the fully qualified domain name, but the Active Directory domain name.
  5. Press OK.

NOTE: All settings except the password will be saved for the next login to make the process easier.

Establishing an ODBC Connection

Requirements for ODBC connection to the database:

The EnergyCAP Enterprise database must be installed on an instance of Microsoft SQL Server 2005 or higher. The client computer (LAN client) must have an ODBC connection established to the server in order to be connected. This can be done either by a static user set up with SQL Authentication (initially defined with the installed database) or via Active Directory Authentication, labeled as “NT Authentication” in SQL Server.

Below are the necessary steps to create an ODBC connection to an existing EnergyCAP Enterprise database that is being ‘served up’ by an SQL Server.

  1. Click the Start button and select the Control Panel option. The Control Panel will open.
  2. From the Control Panel, double-click Administrative Tools. The Administrative Tools window will open.
  3. Double-click the Data Sources icon to open the ODBC Data Source Administrator.
  4. Select the System DSN Tab. A list of current System Data Sources will appear. Verify that the EnergyCAP database to be connected is not one of them.
  5. Click the Add button.
  6. Select the SQL Server driver from the list of available database drivers (it may be necessary to scroll to the bottom of the list box to find it); then click the Finish button. The Create a New Data Source to SQL Server window will open.
  7. Enter a Name and a Description for the data source.
  8. Use the drop-down list to select the SQL Server that is ‘serving up’ the EnergyCAP Enterprise database. If the SQL Server is not listed, try typing in the SQL Server name. Be aware that there may be a firewall between the Client computer and the SQL Server which may need its settings updated to allow access.
  9. Click the Next button.
  10. Select the With SQL Server authentication… option.
  11. Set the Login ID and the Password. If necessary, contact technical support for this information (http://support.energycap.com).
  12. Click on the Next button.
  13. In the Change the default database to: option, select the EnergyCAP Enterprise database name from the list of available databases.
  14. Click on the Next button.
  15. Click on the Finish button.
  16. Click on the Test Datasource button to confirm the settings. A 'test was successful' message should be displayed.
  17. Click on the OK button to close the Test window.
  18. Click on the OK button to close the System DSN window.
  19. Close the Administrative Tools window.
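The same System DSN can be created from a script with the ODBC cmdlets built into Windows 8 / Windows Server 2012 and later, which helps when many client PCs need an identical data source. This is an added example, not EnergyCAP code; the DSN, server and database names are placeholders, and the 32-bit platform value is an assumption to adjust to the installed client.

```powershell
# Added example, not EnergyCAP code. Run elevated: System DSNs are machine-wide.
$ErrorActionPreference = 'Stop'
$DsnName  = 'EnergyCAP'       # placeholder: data source name (step 7)
$Server   = 'SQLHOST01'       # placeholder: SQL Server instance (step 8)
$Database = 'EnergyCAP_DB'    # placeholder: EnergyCAP database (step 13)
$Platform = '32-bit'          # assumption: must match the bitness of the client
$Trusted  = 'No'              # 'No' = SQL Server authentication (step 10)
                              # 'Yes' = NT authentication

# Step 4: stop if a System DSN with this name is already defined.
$existing = Get-OdbcDsn -DsnType System -Platform $Platform |
    Where-Object { $_.Name -eq $DsnName }
if ($existing) { throw "System DSN '$DsnName' already exists." }

# Steps 5-15: create the DSN with the "SQL Server" driver.
# This script passes no login or password to the DSN.
Add-OdbcDsn -Name $DsnName -DriverName 'SQL Server' `
    -DsnType System -Platform $Platform `
    -SetPropertyValue @(
        "Server=$Server",
        "Database=$Database",
        "Trusted_Connection=$Trusted"
    )

# Read the DSN back and show the authentication mode that the client will
# pick up from the ODBC properties. A missing Trusted_Connection attribute
# is reported as not trusted.
$dsn = Get-OdbcDsn -Name $DsnName -DsnType System -Platform $Platform
[pscustomobject]@{
    Name     = $dsn.Name
    Driver   = $dsn.DriverName
    Server   = $dsn.Attribute['Server']
    Database = $dsn.Attribute['Database']
    Trusted  = ($dsn.Attribute['Trusted_Connection'] -eq 'Yes')
}
```

The script does not replace the Test Data Source check in step 16 or the login test under "Verifying the connection".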

Verifying the connection

  1. Start EnergyCAP Enterprise.
  2. In the Login window, enter a valid User ID and Password.
  3. Click the drop-down arrow for the ODBC datasource. The newly-created datasource should be included in the list.
  4. Click to select the new datasource, and then click OK.
  5. EnergyCAP Enterprise should open to the database selected.

If ODBC connection questions persist, complete a trouble ticket online at http://support.energycap.com/ or call 1-877-327-3702.

Once an ODBC connection to the database is made, the EnergyCAP Enterprise client can then authenticate the user to the database. EnergyCAP Enterprise does user authentication in the application database. Users and their passwords are created with the application. Passwords and user permissions are stored encrypted.

User Permissions

After a user is successfully authenticated to the database, the application checks the defined user Permissions. The authorization scheme is very granular, allowing for access/denied access to each “Manager” in the program, and where applicable, each sub-authorization for those modules. For example, a user can be given permission to view reports, but not to edit the settings on the reports.
