Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Tim 1193 posts 2675 karma points MVP 4x c-trib
    Nov 15, 2010 @ 11:34
    Tim
    0

    Active Directory For Members

    Hi,

    I've got a potential project coming up that needs to use Active Directory for the members login (its an intranet). I've had a look at the examples in the wiki, and I have a couple of questions for anyone that's done this before.

    1) Is it possible to automatically authenticate the users, ie if anonymous access is diabled for the site, it would use their windows log in (which is the AD login in this case). Ideally we don't want the users to have to login to the intranet through a form on the website, as they're already authenticated via AD.

    2) Would I need to use the umbraco membership system, or would I be better bypassing it and using the built in .Net Authentication instead?

    I'm not bothered about being able to manage the site users through Umbraco, as they'll be managed centrally by the client's IT team in AD.

    Any help or advice from folks that have done something similar would be greatly appreciated!

    :)

    Cheers,

    Tim.

  • Diane Bryan 26 posts 46 karma points
    Nov 19, 2010 @ 01:07
    Diane Bryan
    0

    Tim, I hope you don't mind letting me know what you come up with.  Our IT dept just decided on Sharepoint 2010 for the Intranet, and I need a real CMS for the websites that will also be part of the Portal.  We want single user authentication regardless of where they logged in, so that the user is recognized throughout the system with a single login, with all their Sharepoint membership data recognized by the Umbraco site.

  • Tim 1193 posts 2675 karma points MVP 4x c-trib
    Nov 22, 2010 @ 12:27
    Tim
    0

    I will! I've not started on it yet, but when I do, I'll let you know how we ended up doing it!

    :)

    Cheers,

    Tim.

     

  • Diane Bryan 26 posts 46 karma points
    Nov 22, 2010 @ 20:21
    Diane Bryan
    0

    Thanks, that would be great.  In the meantime I'm diving into planning out the design aspects on the Umbraco side in full faith that the authentication model we need is doable.

    diane

  • Robert Foster 459 posts 1820 karma points MVP 3x admin c-trib
    Nov 23, 2010 @ 14:48
    Robert Foster
    0

    Hi,

    Haven't yet done this in umbraco yet.  But here's some info that may help.

    http://our.umbraco.org/wiki/how-tos/membership-providers/active-directory-membership-provider

    Describes the process with the built-in active directory membership provider.

     

  • Diane Bryan 26 posts 46 karma points
    Nov 24, 2010 @ 00:23
    Diane Bryan
    0

    Thanks, Robert. I'm surprised there aren't more who have gone this route, given the limitations of Sharepoint for outward-facing sites.

  • George Mocanu 28 posts 48 karma points
    Dec 17, 2010 @ 08:24
    George Mocanu
    0

    Hello,

    Depend what is your intention to build and what to protect for intranet.

    If is wanted to protected only  the content you can do it with AD membership provider but you need olso AD role provider.

    A nice tool : http://www.codeproject.com/KB/aspnet/active_directory_roles.aspx?msg=2892569 Then you just define groups in AD and assign groups to different pages from content.

    There is olso the other option to switch from form authentification to windows authentification and integrated Windows authentification and disable anonymous access. If your users are AD users and access the site will be automatically login with their creditentials.

  • Mitch Olinsky 31 posts 51 karma points
    Oct 26, 2011 @ 22:46
    Mitch Olinsky
    0

    Tim, did you get Umbraco working with AD and auto-authenticating?

  • George Mocanu 28 posts 48 karma points
    Oct 27, 2011 @ 07:38
    George Mocanu
    0

    Disable anonymous and set windows authentification. And set authetification order : kerberos , NTLM for your site. This should do the job for auto authentification.

     

     

     

     

     

  • Mitch Olinsky 31 posts 51 karma points
    Oct 27, 2011 @ 15:21
    Mitch Olinsky
    0

    Thanks George.  I still working on just getting AD authentication working.  I keep getting the error below.  But, when I do, I'll immediatly follow your directions :-)

     

    Object reference not set to an instance of an object.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

    Source Error:

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.


    Stack Trace:

    [NullReferenceException: Object reference not set to an instance of an object.]
       umbraco.cms.presentation.login.Button1_Click(Object sender, EventArgs e) +164
       System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +153
       System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3706

     

  • George Mocanu 28 posts 48 karma points
    Oct 28, 2011 @ 09:04
    George Mocanu
    0

     

    If understood ,you want that all users that access your application to be authenticate using AD. Please give more details about want you want to do.

     

    Autheticate on IIS using windows authentification.

    1. - disable anonymous login and flag windows authentification. flag digest auth for windows domain(complete the domain name)
    2. - In ASP.NET configuration : set authetication method :windows
    3. - cscript adsutil.vbs set w3svc/NTAuthenticationProviders "Negotiate,NTLM"  (use must have IIS admin scripts)

    In this way all users that will connect to your website will be authenticate using windows authentication and domain users will automatically be login based on user that is logged on PC. Similar with Sharepoint.

     

     

  • Mitch Olinsky 31 posts 51 karma points
    Oct 28, 2011 @ 14:41
    Mitch Olinsky
    0

    Thanks George.  I'm just trying to get AD Authentication working.  I've followed the instructions to setup the provider, but just recieved the error pasted above.  You're telling me that I also need to follow your three steps above.  Forgive me for my noobie-ness, but would you mind clarifying the second and third tasks?  I'm not even sure where to begin with those.

  • Pete 213 posts 285 karma points
    Oct 28, 2011 @ 14:54
    Pete
    0

    I don't think I'm hijacking the post here! apologies if I am, but your issue tim is fairly similar to mine.

    I have a site which has an intranet area, and a normal public area, and requires the membership provider to be AD. So if a user is logged onto the server domain, they automatically login to the intranet area.But if a user is not on the domain, they have to login to the intranet area.

    So how would I go about setting this up?

    - Is it windows authentification or forms authentification?

    - anonymous login or not?

    - Add the membership provider details as required in the web.config?

  • George Mocanu 28 posts 48 karma points
    Oct 28, 2011 @ 17:04
    George Mocanu
    0

    Hy Pete !

    If I understood well, you want when a user type in browser www.yoursite.com  based on the user to be redirected to www.yoursite.com/pivate or www.yoursite.com/public 

    Some simple ideas:

    • With AD membership - Umbraco case.

    -Let anonymous access on. Use form authentification. Create a simple login.aspx form.

    -Use above library for ADmembership provider. Change your web.config to use ADmembership provider  and set access.

    -Default direct all users on public content. Create on a public content a link to private area. Use function  "public access" to set access only to specific AD group.

    When users will click on intranet link will be redirected to login.aspx

    • Without membership - general asp application

    -All users to land on public area and here create a link to your private area.

    -Set anonymous access for your public area and windows authtification for private area root folder.

     

    If you want automatically redirection for all users that come to www.yoursite.com I think is a little bit complicated.

    You can try to make a default login.aspx with anonymous access. Create a custom code  that read windowsprincipal currentuser to check  ad membership and automatically redirect to private or public.

     

     

  • Pete 213 posts 285 karma points
    Oct 28, 2011 @ 20:05
    Pete
    0

    Thanks for the info george.

    The only thing i'm not clear and sure how to go about is setting windows authentication on a virtual folder/intranet area thats made within umbraco as a protected role based area? On a normal asp.net app you would just have another web.config file within that folder but what about virtual folders made within umbraco?

    Pete

  • George Mocanu 28 posts 48 karma points
    Oct 29, 2011 @ 06:33
    George Mocanu
    0

    On a virtual folder within Umbraco not possible to set auth method because element is generated and not persistent.

    You want Windows Authentication with Role based authorization for your intranet area. Not sure how to do it within Umbraco but can give some ideas maybe

    Maybe you can create a subfolder like normal asp.net and put your intranet content here.

    The easiest will be to change autheticaton method to forms and configure a login.aspx You protect your intranet content with roles and and a user click on intranet area will be asked fo a AD user and password.

     

Please Sign in or register to post replies

Write your reply to:

Draft