Friday, 10 April 2009
Blackberry Intranet Portal
Last night I knocked together a portal for my company intranet designed for our Blackberry mobile devices. There is nothing overly complicated about this when you are using Blackberry Enterprise Server (BES). Some simple design considerations are obviously required and I managed to produce a good result for a version 0.1 portal by just using the most basic html tags, just like it was 1996.
The complicating factor was that I use Windows Integrated Authentication in all parts of the intranet. This is so I can limit sensitive information or experimental features by user groups. The authentication passes nicely through the IIS web server to SQL Server so I can control data access in a granular way as required.
I didn't want my BB users to have to log on through their BB browsers and I didn't just want to start giving permissions to the default IIS anonymous user account. I created a user (domain\mobile) and set it IIS as the user for anonymous browsing for the mobile directory where I had made the BB-specific pages. When I tried to access the pages from either my BB or my laptop's browser, I got an error. Nothing I googled really answered my questions but eventually I figured out that I needed to grant rights for that user on the server (of course the server was a domain controller so I have to use domain security policies). The combination that seemed to work for me was "log on locally", "act as part of the OS" and "log on as a service". One of these may not be required but I was just pleased to have things working.
Now I can give my mobile user permissions that I'm happy for my BB users to have like access to the staff directory and the news service.
The complicating factor was that I use Windows Integrated Authentication in all parts of the intranet. This is so I can limit sensitive information or experimental features by user groups. The authentication passes nicely through the IIS web server to SQL Server so I can control data access in a granular way as required.
I didn't want my BB users to have to log on through their BB browsers and I didn't just want to start giving permissions to the default IIS anonymous user account. I created a user (domain\mobile) and set it IIS as the user for anonymous browsing for the mobile directory where I had made the BB-specific pages. When I tried to access the pages from either my BB or my laptop's browser, I got an error. Nothing I googled really answered my questions but eventually I figured out that I needed to grant rights for that user on the server (of course the server was a domain controller so I have to use domain security policies). The combination that seemed to work for me was "log on locally", "act as part of the OS" and "log on as a service". One of these may not be required but I was just pleased to have things working.
Now I can give my mobile user permissions that I'm happy for my BB users to have like access to the staff directory and the news service.
Labels: Blackberry, Intranet, Work
# posted by Gareth Bezett @ 3:38 PM 
Comments:
<< Home
There appears to be a method to send the user's email address and/or BB pin in the HTTP headers. This would enable user-specific functionality without requiring username & password authentication from the BB browser.
Post a Comment
<< Home
