Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

  • George 28 posts 71 karma points
    Sep 28, 2011 @ 11:39

    Restricting front end access via Active Directory

    This might be more of an ASP / IIS question than an Umbraco one, but I'm reasonably inexperienced with both so I thought I'd ask anyway. I've inherited a site to maintain and extend. The site uses ActiveDirectory to allow AD users to authenticate and view a "restricted" section.

    In my web.config I have:

            <!-- Membership Provider -->
            <membership defaultProvider="UmbracoMembershipProvider" userIsOnlineTimeWindow="15">
                    <clear />
                    <add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" applicationName="anucbewebsite" attributeMapUsername="SAMAccountName" />
                    <add name="UmbracoMembershipProvider" type="umbraco.providers.members.UmbracoMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Another Type" />
                    <!--<add name="AspNetSqlMemberShipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="LocalSqlServer" />-->
                    <add name="UsersMembershipProvider" type="umbraco.providers.UsersMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" />

    Login is handled via:

    <asp:Login runat="server" MembershipProvider="ADMembershipProvider"  DisplayRememberMe="False">

    I can check whether or not my user is logged in via:


    My question is: how do I restrict access to a page based on whether or not my user is logged in? At the moment the navigation menu is hiding links based on Request.IsAuthenticated, but the linked to pages are obviously still there and visible.

    I found a page on Active Directory authentication with IIS here, and it seems like I might need to add an "<authorization>" section to my web.config. The example given seems to apply to the whole site though - I just want to restrict access to the "/restricted/" area of my site.

    Does anyone know of any good resources on setting this up? Is using the default IIS authentication even the correct way of going about things with Umbraco?

  • Rushit Shukla 2 posts 22 karma points
    Sep 28, 2011 @ 14:10
    Rushit Shukla

    Hi George,

    I want to add Active Directory user authentication for Intranet User in umbraco 4.7.

    I am having same problem one of my client want me to setup Active Directory Membership as a login access. So i am checking possibilities of it.

    when i am searching for it i just found your posting here. Following are the few links which i have checked so far but not able to getting any perfect solution.

    if you find ny exact solution then please let me know about it.





  • andy_rose 91 posts 117 karma points
    Sep 28, 2011 @ 15:48

    I think something along these lines may be required in your web.config but I have not tested this in an Umbraco site so cannot guarantee the result:

    <location path="restricted">
             <deny users ="?" />

    This page may be of help but as I said I don't know how this may work in umbraco.

Please Sign in or register to post replies

Write your reply to: