Hi to all, I restricted access to my website only to Active Directory Users with the Active Directory membership provider.
Now I must create 2 nodes with a restricted access to 2 members groups. When i try to create a new member in umbraco incur in a creation error (but with default membership providers all works perfectly). Also Idon't view the Member Type node. Can anyone help me to resolve this issue?
Is there a method to view in umbraco member section the active directory's users
Using the active directory membership provider means that you can't use the umbraco membership provider in the same way. I believe a AD user must login first before they appear in the users section. Once they have logged in once, you can assign groups to them, etc. I found a similar problem when trying to use AD for the user membership provider. I ended up creating a custom membership provider by creating a copy of the default membership provider code and overriding the login validation method to validate the password against AD. This lets you manage the users(members) using umbraco including create, while still validating the password against AD.
Does the ActiveDirectory Provider allow you to fully manage users/members in umbraco, including create. We first implemented the AD provider for the backend but found that the user had to login once before they would appear in the users sections and only then could we assign proper roles and node access.
In theory it will allow for full management of the users within Umbraco, the Member tree (and User tree) go via the MembershipProviders (or at least they should, if they don't that a bug that needs to be submitted).
This means that all operations supported by the MembershipProvider should just work, and since the ActiveDirectoryMembershipProvider does support a CreateUser method I don't see why it wouldn't work.
You need to take into account the permission of the user running the site, if the account doesn't have the appropriate AD rights then it wont work anyway. Personally I'd write my own provider on top of the ActiveDirectoryMembershipProvider which I would then overrite the CreateUser method to disable it as I wouldn't want the ability to create AD accounts from Umbraco.
I favored the custom provider too and ended up creating a 'blended' provider. We create our users as 'umbraco' users and upon login first check that they exist as an umbraco user and if so we attempt to validate the user/password against ActiveDirectory. If the user doesn't exist as in AD but exists as an umbraco user we validate using the umbraco password. It allows us to give external users access to umbraco with giving them an AD account.
well it ultimately comes down to how you need to provide access. If you were doing an intranet then I could see AD as a viable choice and you would be likely to want to use the standard AD authentication, and only have a single place of user management.
AD on public sites isn't something I've ever been asked to implement, generally because you don't want non-employee's on your domain ;)
sorry...meant to say 'without' giving them access to ActiveDirectory. Solution works well if you use external consultants as we do and need to provide them access to edit content (not publish) but don't want to provide them a short term AD account. ;)
I liked your approach for implementing AD Integration. I am about to deply my first website for our Intranet, and I want to implement mixed authentication mode.
I appreciate it if you could provide me with more detials on how you implemented this.
Members and Active Directory (How to)
Hi to all,
I restricted access to my website only to Active Directory Users with the Active Directory membership provider.
Now I must create 2 nodes with a restricted access to 2 members groups.
When i try to create a new member in umbraco incur in a creation error (but with default membership providers all works perfectly).
Also Idon't view the Member Type node.
Can anyone help me to resolve this issue?
Is there a method to view in umbraco member section the active directory's users
Thank you in advance
AF
Using the active directory membership provider means that you can't use the umbraco membership provider in the same way. I believe a AD user must login first before they appear in the users section. Once they have logged in once, you can assign groups to them, etc. I found a similar problem when trying to use AD for the user membership provider. I ended up creating a custom membership provider by creating a copy of the default membership provider code and overriding the login validation method to validate the password against AD. This lets you manage the users(members) using umbraco including create, while still validating the password against AD.
Umbraco 4 supports the standard ASP.NET Forms Based Authentication, which in turn has an Active Directory provider.
Although I doubt you'll find someone who's used it with Umbraco here's a how-to on using it: http://msdn.microsoft.com/en-us/library/ms998360.aspx
Slace,
Does the ActiveDirectory Provider allow you to fully manage users/members in umbraco, including create. We first implemented the AD provider for the backend but found that the user had to login once before they would appear in the users sections and only then could we assign proper roles and node access.
In theory it will allow for full management of the users within Umbraco, the Member tree (and User tree) go via the MembershipProviders (or at least they should, if they don't that a bug that needs to be submitted).
This means that all operations supported by the MembershipProvider should just work, and since the ActiveDirectoryMembershipProvider does support a CreateUser method I don't see why it wouldn't work.
You need to take into account the permission of the user running the site, if the account doesn't have the appropriate AD rights then it wont work anyway. Personally I'd write my own provider on top of the ActiveDirectoryMembershipProvider which I would then overrite the CreateUser method to disable it as I wouldn't want the ability to create AD accounts from Umbraco.
But yeah, in theory it will work just fine.
I favored the custom provider too and ended up creating a 'blended' provider. We create our users as 'umbraco' users and upon login first check that they exist as an umbraco user and if so we attempt to validate the user/password against ActiveDirectory. If the user doesn't exist as in AD but exists as an umbraco user we validate using the umbraco password. It allows us to give external users access to umbraco with giving them an AD account.
Chris... I need to create the same 'blended' provider. Can you direct on how to do this for Umbraco 7.5+?
well it ultimately comes down to how you need to provide access. If you were doing an intranet then I could see AD as a viable choice and you would be likely to want to use the standard AD authentication, and only have a single place of user management.
AD on public sites isn't something I've ever been asked to implement, generally because you don't want non-employee's on your domain ;)
sorry...meant to say 'without' giving them access to ActiveDirectory. Solution works well if you use external consultants as we do and need to provide them access to edit content (not publish) but don't want to provide them a short term AD account. ;)
Hi Chris,
I liked your approach for implementing AD Integration. I am about to deply my first website for our Intranet, and I want to implement mixed authentication mode.
I appreciate it if you could provide me with more detials on how you implemented this.
Tarek.
How do you provide access to just one section on the website using AD?
I need help please!!
is working on a reply...