Umbraco 'Back-Office' Active Directory Authentication
Hello,
I've had the most difficult time trying to get the back-office portion of Umbraco to use Active Directory authentication.
This is what I've done in the Umbraco web.config:
1) Added connection string entry for AD like so (in place of <mydomain> is the real name):
<connectionStrings>
<add name="ADConnectionString" connectionString="LDAP://<mydomain>.com/DC=<mydomain>,DC=com" />
</connectionStrings>
2) Added ActiveDirectoryMembershipProvider to membership section:
<add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" connectionUsername="<mydomain>\<logonaccount>" connectionPassword="<password>" />
3) Added "ADMembershipProvider" as the default provider
This is what I've done in the umbracoSettings.config:
1) Added "ADMembershipProvider" as the default back-office provider like so:
<providers>
<users>
<DefaultBackofficeProvider>ADMembershipProvider</DefaultBackofficeProvider>
</users>
</providers>
On the /Umbraco/login.aspx page I've tried to login with "<myusername>", "<mydomain>\<myusername>", "<myusername>@<mydomain>.com" to no avail. I'm at a loss.
Is there a way to tell Umbraco to log authentication failures because I have no idea what's going on behind the \umbraco\login.aspx page?
Thank you very much for your help,
Marshall
I did this today as you described and had no problems. I logged in via <myusername> and <mypassword>
Did you read this wiki entry?
Thomas
Yep. I created a simple ASP.NET app with the same config entries (connection and membership sections) specified in the Umbraco web.config and I was able to log in just fine. The only exception is that I removed the membership entries named "UmbracoMembershipProvider" and "UsersMembershipProvider".
Is there any way to get Umbraco to log authentication errors?
I just got it working. Not sure what I screwed up while trying to get it to work. I started from 'scratch' and went back to the original umbraco web.config file and only added the AD connection and the AD Provider entry.
Thanks!
Hello,
I'm facing a similar problem, I have configured my web.config file with
<connectionStrings>
<add name="ADConnectionString" connectionString="LDAP://simple.example.com.pt/CN=Users,DC=example,DC=com,DC=pt" />
</connectionStrings>
since the AD is in the machine named simple, the following for the default membership provider:
<add name="MyADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"
attributeMapUsername="sAMAccountName" />
and
<DefaultBackofficeProvider>MyADMembershipProvider</DefaultBackofficeProvider>
in the umbracoSettings.config
I perform the login as presented:
user: EXAMPLE\username
pass: password
there is no error, but there is also no other information...
How can I overcome this?
thanks in advance,
Ricardo
Hi Marshall,
I am facing a similar issue with AD integration. Can you please help me out with the configuration? Is there any way to log LDAP errors?
· The user from the AD directory needs to be authenticated before the user logs in to the Umbraco CMS backoffice.
This is the structure currently in the AD directory:
Y is the LDAP server address
DC=A,DC=COM
    ou=B
        ou=C
            ou=Groups
                cn=testgroup
            ou=Users
                cn=testuser
The user resides inside ou=Users with name as testuser. The user is added inside "testgroup" group under ou=Groups.
We have made the following changes in the web.config file
1) Added the following changes in <connectionStrings> of web.config file
<connectionStrings>
<add name="ADConnectionString" connectionString="LDAP://Y:389/OU=Users,OU=C,OU=B,DC=A,DC=com" />
</connectionStrings>
2) Added the following changes in <providers> of web.config file
<membership defaultProvider="MyADMembershipProvider" userIsOnlineTimeWindow="15">
<providers>
<clear />
<add name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" connectionUsername="domain\username" connectionPassword="password" attributeMapUsername="sAMAccountName"/>
<add name="UmbracoMembershipProvider" type="umbraco.providers.members.UmbracoMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Another Type" passwordFormat="Hashed" />
<add name="UsersMembershipProvider" type="umbraco.providers.UsersMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" passwordFormat="Hashed" />
</providers>
</membership>
3) Added the assembly System.Web used in MyADMembershipProvider in assemblies section of web.config.
<compilation defaultLanguage="c#" debug="false" batch="false" targetFramework="4.0">
<assemblies>
<!-- ASP.NET 4.0 Assemblies -->
<add assembly="System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Xml.Linq, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Data.DataSetExtensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</assemblies>
Made following changes in umbracoSettings.cfg file
<providers>
<users>
<DefaultBackofficeProvider>MyADMembershipProvider</DefaultBackofficeProvider>
</users>
</providers>
The issue we are facing is when the user tries to log in with username: domain\username and password: password at the Umbraco login interface.
It focuses back on the username and password fields, highlighted in red, and there is no error.
Thanks in advance.
Regards,
Azam
Hello Azam,
I had a similar issue. Out of the box the standard ActiveDirectoryMembershipProvider does not support groups - the users need to be inside a container, not a group.
In my case the users were in containers based on location (USA, Europe,...) and we couldn't move them. My solution was to create my own AD membership provider, which can see if a user belongs to a group - for example Umbraco Users.
Here is my post about the solution: http://nikolayarhangelov.wordpress.com/2013/06/27/umbraco-backoffice-login-with-active-directory/
Regards,
Nikolay
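A sketch of the kind of provider described in the post above, combined with the failure logging asked for earlier in the thread. This is an added example, not Nikolay's code and not part of Umbraco. The class name, the `requiredGroup` attribute and the default group name are assumptions, and it assumes the back office calls ValidateUser on the configured provider.

```csharp
using System;
using System.Collections.Specialized;
using System.Diagnostics;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Web.Security;

// Hypothetical provider: stock AD credential check, then a group check, with logging.
public class GroupCheckingAdMembershipProvider : ActiveDirectoryMembershipProvider
{
    private string _requiredGroup;
    public override void Initialize(string name, NameValueCollection config)
    {
        // "requiredGroup" is an assumed custom attribute on the <add> element.
        // Remove it before base.Initialize, which rejects attributes it does not recognise.
        _requiredGroup = config["requiredGroup"] ?? "Umbraco Users";
        config.Remove("requiredGroup");
        base.Initialize(name, config);
    }

    public override bool ValidateUser(string username, string password)
    {
        // Never log the password; strip control characters so a user name cannot forge log lines.
        string who = new string((username ?? "").Where(c => !char.IsControl(c)).ToArray());
        try
        {
            if (!base.ValidateUser(username, password))
            {
                Trace.TraceWarning("AD login rejected for '{0}': bad credentials, locked account, or user not found under the connection string's base DN", who);
                return false;
            }
            // Assumes the web server is domain-joined and the app pool identity may query AD.
            using (var ctx = new PrincipalContext(ContextType.Domain))
            using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, username))
            using (var group = GroupPrincipal.FindByIdentity(ctx, _requiredGroup))
            {
                bool member = user != null && group != null && user.IsMemberOf(group);
                if (!member)
                    Trace.TraceWarning("AD login denied for '{0}': not a member of '{1}'", who, _requiredGroup);
                return member;
            }
        }
        catch (Exception ex)
        {
            // LDAP and configuration errors end up here instead of a silent red login box.
            Trace.TraceError("AD login error for '{0}': {1}", who, ex.Message);
            return false;
        }
    }
}
```

To use it, the `type` attribute of the membership `<add>` entry would point at this class instead of the stock provider, and a trace listener in `<system.diagnostics>` decides where the messages are written.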