Active Directory For Members
Hi,
I've got a potential project coming up that needs to use Active Directory for the members login (it's an intranet). I've had a look at the examples in the wiki, and I have a couple of questions for anyone that's done this before.
1) Is it possible to automatically authenticate the users, i.e. if anonymous access is disabled for the site, it would use their Windows login (which is the AD login in this case). Ideally we don't want the users to have to log in to the intranet through a form on the website, as they're already authenticated via AD.
2) Would I need to use the Umbraco membership system, or would I be better bypassing it and using the built-in .NET Authentication instead?
I'm not bothered about being able to manage the site users through Umbraco, as they'll be managed centrally by the client's IT team in AD.
Any help or advice from folks that have done something similar would be greatly appreciated!
:)
Cheers,
Tim.
Tim, I hope you don't mind letting me know what you come up with. Our IT dept just decided on SharePoint 2010 for the Intranet, and I need a real CMS for the websites that will also be part of the Portal. We want single user authentication regardless of where they logged in, so that the user is recognized throughout the system with a single login, with all their SharePoint membership data recognized by the Umbraco site.
I will! I've not started on it yet, but when I do, I'll let you know how we ended up doing it!
:)
Cheers,
Tim.
Thanks, that would be great. In the meantime I'm diving into planning out the design aspects on the Umbraco side in full faith that the authentication model we need is doable.
diane
Hi,
Haven't done this in Umbraco yet. But here's some info that may help.
http://our.umbraco.org/wiki/how-tos/membership-providers/active-directory-membership-provider
Describes the process with the built-in Active Directory membership provider.
Thanks, Robert. I'm surprised there aren't more who have gone this route, given the limitations of SharePoint for outward-facing sites.
Hello,
It depends on what you intend to build and what you want to protect for the intranet.
If you only want to protect the content, you can do it with the AD membership provider, but you also need an AD role provider.
A nice tool: http://www.codeproject.com/KB/aspnet/active_directory_roles.aspx?msg=2892569 Then you just define groups in AD and assign the groups to different pages in the content.
There is also the other option to switch from forms authentication to Windows authentication and Integrated Windows authentication and disable anonymous access. If your users are AD users and access the site, they will be automatically logged in with their credentials.
Tim, did you get Umbraco working with AD and auto-authenticating?
Disable anonymous and set Windows authentication. And set the authentication order: Kerberos, NTLM for your site. This should do the job for auto authentication.
Thanks George. I'm still working on just getting AD authentication working. I keep getting the error below. But, when I do, I'll immediately follow your directions :-)
Object reference not set to an instance of an object.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[NullReferenceException: Object reference not set to an instance of an object.]
umbraco.cms.presentation.login.Button1_Click(Object sender, EventArgs e) +164
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +153
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3706
If I understood, you want all users that access your application to be authenticated using AD. Please give more details about what you want to do.
Authenticate on IIS using Windows authentication.
- Disable anonymous login and flag Windows authentication. Flag digest auth for the Windows domain (complete the domain name).
- In the ASP.NET configuration: set the authentication method: Windows.
- cscript adsutil.vbs set w3svc/NTAuthenticationProviders "Negotiate,NTLM" (you must have the IIS admin scripts)
In this way all users that connect to your website will be authenticated using Windows authentication, and domain users will automatically be logged in based on the user that is logged on to the PC. Similar to SharePoint.
Thanks George. I'm just trying to get AD Authentication working. I've followed the instructions to set up the provider, but just received the error pasted above. You're telling me that I also need to follow your three steps above. Forgive me for my noobie-ness, but would you mind clarifying the second and third tasks? I'm not even sure where to begin with those.
I don't think I'm hijacking the post here! Apologies if I am, but your issue, Tim, is fairly similar to mine.
I have a site which has an intranet area, and a normal public area, and requires the membership provider to be AD. So if a user is logged onto the server domain, they automatically log in to the intranet area. But if a user is not on the domain, they have to log in to the intranet area.
So how would I go about setting this up?
- Is it Windows authentication or forms authentication?
- Anonymous login or not?
- Add the membership provider details as required in the web.config?
Hi Pete!
If I understood well, you want a user who types www.yoursite.com in the browser to be redirected, based on the user, to www.yoursite.com/private or www.yoursite.com/public.
Some simple ideas:
- Leave anonymous access on. Use forms authentication. Create a simple login.aspx form.
- Use the above library for the AD membership provider. Change your web.config to use the AD membership provider and set access.
- By default, direct all users to the public content. On a public content page, create a link to the private area. Use the "public access" function to set access only to a specific AD group.
When users click on the intranet link, they will be redirected to login.aspx.
Without membership - general ASP application
- All users land on the public area, and here you create a link to your private area.
- Set anonymous access for your public area and Windows authentication for the private area root folder.
If you want automatic redirection for all users that come to www.yoursite.com, I think it is a little bit complicated.
You can try to make a default login.aspx with anonymous access. Create custom code that reads the WindowsPrincipal current user to check AD membership and automatically redirects to private or public.
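An added example, not part of the original post or of Umbraco: a code-behind for login.aspx that reads the request's WindowsPrincipal and redirects by AD group membership. The class name, the group name EXAMPLE\Intranet Users and both paths are assumptions, and it assumes IIS has Windows authentication enabled for this page, because a request served anonymously carries no Windows identity and would always land on the public path.

```csharp
using System;
using System.Security.Principal;
using System.Web.UI;

// Code-behind for a hypothetical login.aspx (added example).
public partial class Login : Page
{
    // Assumed placeholders: replace with the real AD group and site paths.
    private const string IntranetGroup = @"EXAMPLE\Intranet Users";
    private const string PrivateUrl = "~/private/";
    private const string PublicUrl = "~/public/";

    protected void Page_Load(object sender, EventArgs e)
    {
        // Only ever redirect to one of the two fixed paths above, never to a
        // URL taken from the request, so the page cannot act as an open redirect.
        Response.Redirect(ResolveUrl(LandingUrlFor(User)), false);
        Context.ApplicationInstance.CompleteRequest();
    }

    // Picks the landing path from the Windows identity IIS attached to the request.
    internal static string LandingUrlFor(IPrincipal user)
    {
        // Forms, generic or missing principals carry no Windows token.
        var windowsUser = user as WindowsPrincipal;
        if (windowsUser == null)
            return PublicUrl;

        var identity = windowsUser.Identity as WindowsIdentity;
        if (identity == null || !identity.IsAuthenticated
            || identity.IsAnonymous || identity.IsGuest)
            return PublicUrl;

        // IsInRole resolves the name to a group SID and checks the caller's token.
        return windowsUser.IsInRole(IntranetGroup) ? PrivateUrl : PublicUrl;
    }
}
```

The redirect only chooses a landing page. The private area still needs its own authorization rule, since a user can request its URL directly.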
Thanks for the info George.
The only thing I'm not clear and sure how to go about is setting Windows authentication on a virtual folder/intranet area that's made within Umbraco as a protected role based area? On a normal ASP.NET app you would just have another web.config file within that folder but what about virtual folders made within Umbraco?
Pete
On a virtual folder within Umbraco it is not possible to set the auth method, because the element is generated and not persistent.
You want Windows Authentication with role based authorization for your intranet area. Not sure how to do it within Umbraco, but I can maybe give some ideas.
Maybe you can create a subfolder like in normal ASP.NET and put your intranet content here.
The easiest will be to change the authentication method to forms and configure a login.aspx. You protect your intranet content with roles, and when a user clicks on the intranet area they will be asked for an AD user and password.