
  • Rasmus Lynggaard 118 posts 325 karma points
    Jun 20, 2012 @ 11:52
    Rasmus Lynggaard
    0

    Back Office Active Directory integration

    I've successfully added AD as provider for backoffice authentication, but right now all users in the AD can log into the backoffice. I was wondering if there's any way I can restrict the users who have access to the back office to an AD group?

    My Web.config

    <connectionStrings>
    <add name="ADConnectionString" connectionString="LDAP://<servername>.<domain>.com:389/DC=<domain>,DC=com" />
    </connectionStrings>

    <system.web>
    <membership defaultProvider="UmbracoMembershipProvider" userIsOnlineTimeWindow="15">
    <providers>
    <clear />
    <add name="UmbracoMembershipProvider" type="umbraco.providers.members.UmbracoMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Another Type" passwordFormat="Hashed" />
    <add name="UsersMembershipProvider" type="umbraco.providers.UsersMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" passwordFormat="Hashed" />
    <add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" />
    </providers>
    </membership>
    </system.web>

    My umbracoSettings.config

    <providers>
    <users>
    <DefaultBackofficeProvider>ADMembershipProvider</DefaultBackofficeProvider>
    </users>
    </providers>
  • Michael Latouche 504 posts 819 karma points MVP 4x c-trib
    Jun 20, 2012 @ 13:02
    Michael Latouche
    0

    Hi Rasmus,

    I have never tried it on an umbraco site, but maybe you can use the authorization section on the back-office directories/files in the web.config? So something like

    <system.web>
      <authorization>
        <!-- Rules are evaluated top-down and the first match wins, so allow comes before deny -->
        <allow roles="YourADAdminGroup" />
        <deny users="*" />
      </authorization>
    ...

    Hope this works/helps.

    Cheers,

    Michael.

  • Rasmus Lynggaard 118 posts 325 karma points
    Jun 20, 2012 @ 13:18
    Rasmus Lynggaard
    0

    It doesn't do it. Tried a few options, but nothing really seemed to work.
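
One way to get the restriction asked for at the top of this thread, as an added example that is not part of any post here and not Umbraco's own code: subclass the AD provider so that a correct password only counts when the account is also in a named group. The class name and the `requiredGroup` attribute are hypothetical; the example assumes the back office calls `ValidateUser` on the provider named in `DefaultBackofficeProvider`, that the web server is domain-joined, and that the application pool identity can read group membership.

```csharp
// Added example, not from the thread or Umbraco; class name and "requiredGroup" are hypothetical.
using System;
using System.Collections.Specialized;
using System.Configuration.Provider;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Web.Security;

public class GroupRestrictedADMembershipProvider : ActiveDirectoryMembershipProvider
{
    private string _requiredGroup;

    public override void Initialize(string name, NameValueCollection config)
    {
        if (config == null) throw new ArgumentNullException("config");

        // Fail closed: refuse to start without a group rather than admit every AD user.
        _requiredGroup = config["requiredGroup"];
        if (string.IsNullOrWhiteSpace(_requiredGroup))
            throw new ProviderException("requiredGroup must be set on the provider.");

        // The base provider rejects attributes it does not recognise, so remove ours first.
        config.Remove("requiredGroup");
        base.Initialize(name, config);
    }

    public override bool ValidateUser(string username, string password)
    {
        // Step 1: the stock provider checks the password against AD.
        if (!base.ValidateUser(username, password)) return false;

        // Step 2: a valid password is not enough; the account must be in the group.
        try
        {
            using (var ctx = new PrincipalContext(ContextType.Domain))
            using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, username))
            {
                if (user == null) return false;
                // GetAuthorizationGroups resolves nested security groups as well.
                return user.GetAuthorizationGroups().Any(g =>
                    string.Equals(g.SamAccountName, _requiredGroup, StringComparison.OrdinalIgnoreCase));
            }
        }
        catch (PrincipalException)
        {
            return false; // directory lookup failed: deny
        }
    }
}
```

To use it, compile the class into the site with a reference to System.DirectoryServices.AccountManagement, point the `type` of the `ADMembershipProvider` entry in Web.config at it, and add `requiredGroup` with the group's sAMAccountName.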

  • azam 4 posts 24 karma points
    Jun 21, 2012 @ 13:55
    azam
    0

    Hi Rasmus,

    I am struggling to do AD integration with umbraco. Can you help me with the detailed steps you followed for AD integration? I have followed the steps below; can you please point out anything that is not configured correctly or needs to be added so that AD integration works?

    • The user from the AD directory needs to be authenticated before the user logs in to the Umbraco CMS backoffice.

    This is the structure currently in the AD directory

    Y is the LDAP server address

    DC=A,DC=COM
      ou=B
        ou=C
          ou=Groups
            cn=testgroup
          ou=Users
            cn=testuser

    The user resides inside ou=Users with the name testuser. The user is added inside the "testgroup" group under ou=Groups.


    We have made the following changes in the web.config file

    1) Added the following changes in <connectionStrings> of web.config file
    <connectionStrings>
    <add name="ADConnectionString" connectionString="LDAP://Y:389/OU=Users,OU=C,OU=B,DC=A,DC=com" />
    </connectionStrings>

    2) Added the following changes in <providers> of web.config file
    <membership defaultProvider="MyADMembershipProvider" userIsOnlineTimeWindow="15">
          <providers>
            <clear />
            <add name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString"  connectionUsername="domain\username" connectionPassword="password" attributeMapUsername="sAMAccountName"/>
                      

            <add name="UmbracoMembershipProvider" type="umbraco.providers.members.UmbracoMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Another Type" passwordFormat="Hashed" />
            <add name="UsersMembershipProvider" type="umbraco.providers.UsersMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" passwordFormat="Hashed" />

          </providers>
        </membership>

    3) Added the assembly System.Web used in MyADMembershipProvider in assemblies section of web.config.

     <compilation defaultLanguage="c#" debug="false" batch="false"  targetFramework="4.0">
     <assemblies>
            <!-- ASP.NET 4.0 Assemblies -->
            <add assembly="System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
            <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
            <add assembly="System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
            <add assembly="System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
            <add assembly="System.Xml.Linq, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
            <add assembly="System.Data.DataSetExtensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
            <add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
            <add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
          </assemblies>
     </compilation>


    Made following changes in umbracoSettings.cfg file

    <providers>
            <users>
              
                <DefaultBackofficeProvider>MyADMembershipProvider</DefaultBackofficeProvider>
            </users>
        </providers>


    The issue we are facing is when the user tries to log in with username: domain\username and password: password at the umbraco login interface.
    It focuses back on the username and password fields, highlighted in red.

    Thanks,

    Azam
