Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Marshall Bell 19 posts 59 karma points
    Jul 30, 2009 @ 17:01
    Marshall Bell
    0

    Umbraco 'Back-Office' Active Directory Authentication

    Hello,

    I've had the most difficult time trying to get the back-office portion of Umbraco to use Active Directory authentication.

    This is what I've done in the Umbraco web.config:

      1) Added connection string entry for AD like so (in place of <mydomain> is the real name):
      <connectionStrings>
        <add name="ADConnectionString" connectionString="LDAP://<mydomain>.com/DC=<mydomain>,DC=com" />
      </connectionStrings>

      2) Added ActiveDirectoryMembershipProvider to membership section:
            <add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" connectionUsername="<mydomain>\<logonaccount>" connectionPassword="<password>" />

      3) Added "ADMembershipProvider" as the default provider

     

    This is what I've done in the umbracoSettings.confg:

      1)  Added "ADMembershipProvider" as the default back-office provider like so:
      <providers>
        <users>
          <DefaultBackofficeProvider>ADMembershipProvider</DefaultBackofficeProvider>
        </users>
      </providers>

    On the /Umbraco/login.aspx page I've tried to login with "<myusername>", "<mydomain>\<myusername>", "<myusername>@<mydomain>.com" to no avail.  I'm at a loss.

    Is there a way to tell Umbraco to log authentication failures because I have no idea what's going on behind the \umbraco\login.aspx page?

    Thank you very much for your help,

    Marshall

  • Thomas Höhler 1237 posts 1709 karma points MVP
    Jul 30, 2009 @ 17:27
    Thomas Höhler
    0

    I did this today as you described today and had no problems. I logged in via <myusername> and <mypassword>

    Did you read this wiki entry?

    Thomas

  • Marshall Bell 19 posts 59 karma points
    Jul 30, 2009 @ 17:59
    Marshall Bell
    0

    Yep.  I created a simple ASP.NET app that with the same config entries (connection and membership sections) specified in the Umbraco web.config and I was able to loging just fine.  The only exception is that I removed the membership entries named "UmbracoMembershipProvider" and "UsersMembershipProvider".

    Is there anyway to get Umbraco to log authentication errors?

  • Marshall Bell 19 posts 59 karma points
    Jul 30, 2009 @ 18:36
    Marshall Bell
    0

    I just go it working.  Not sure what I screwed up while trying to get it to work.  I started from 'scratch' and went back to the original umbraco web.config file and only added the AD connection and the AD Provider entry.

    Thanks!

  • Ricardo Gomes 22 posts 42 karma points
    Dec 13, 2009 @ 19:04
    Ricardo Gomes
    0

    hello,

    I'm facing a similar problem, I have configured my web.config file with

    <connectionStrings>
        <add name="ADConnectionString" connectionString="LDAP://simple.example.com.pt/CN=Users,DC=example,DC=com,DC=pt" />
      </connectionStrings>

    since the AD is in the machine named simple, the following for the default membership provider:

    <add name="MyADMembershipProvider"
           type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0,
                 Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           connectionStringName="ADConnectionString"      
           attributeMapUsername="sAMAccountName"    />

    and

    <DefaultBackofficeProvider>MyADMembershipProvider</DefaultBackofficeProvider>

    in the umbracoSettings.config

    I perform the login as presented:

    user: EXAMPLE\username

    pass: password

    there is no error, but there is also no other information...

    How can I overcome this?

    thanks in advance,

    Ricardo

  • azam 4 posts 24 karma points
    Jun 21, 2012 @ 13:45
    azam
    0

    Hi Marshall ,

         I am facing smiliar issue with AD integration.Can you please help me out with configuration.Is there any way to log LDAP errors?

     

    ·         The user from AD directory needs to be authenticated before the user logins to Umbraco CMS backoffice.

    This is the structure currently in AD directroy

    Y IS LDAP SERVER address

    DC=A,DC=COM
                                 ou=B
                                          ou=C
                                                     ou=Groups

                                                                          cn=testgroup
                                                     ou=Users
                                                                          cn=testuser

    The user resides inside ou=Users with name as testuser. The user is  added inside "testgroup" group under ou=Groups.


    We have made the following changes in web.config of file

    1)Added the following changes in <connectionStrings> of web.config file
    <connectionStrings>
    <add name="ADConnectionString" connectionString="
    LDAP://Y:389/OU=Users,OU=C,OU=B,DC=A,DC=com" />
    </connectionStrings>

    2) Added the following changes in <providers> of web.config file
    <membership defaultProvider="MyADMembershipProvider" userIsOnlineTimeWindow="15">
          <providers>
            <clear />
            <add name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString"  connectionUsername="domain\username" connectionPassword="password" attributeMapUsername="sAMAccountName"/>
                      

            <add name="UmbracoMembershipProvider" type="umbraco.providers.members.UmbracoMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Another Type" passwordFormat="Hashed" />
            <add name="UsersMembershipProvider" type="umbraco.providers.UsersMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" passwordFormat="Hashed" />

          </providers>
        </membership>

    3) Added the assembly System.Web used in MyADMembershipProvider in assemblies section of web.config.

     <compilation defaultLanguage="c#" debug="false" batch="false"  targetFramework="4.0">
     <assemblies>
            <!-- ASP.NET 4.0 Assemblies -->
            <add assembly="System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
            <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
            <add assembly="System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
            <add assembly="System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
            <add assembly="System.Xml.Linq, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
            <add assembly="System.Data.DataSetExtensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
            <add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
            <add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
          </assemblies>


    Made following changes in umbracoSettings.cfg file

    <providers>
            <users>
              
                <DefaultBackofficeProvider>MyADMembershipProvider</DefaultBackofficeProvider>
            </users>
        </providers>


    The issue we are facing is when the user tries to login with username: domain\username and password: password at umbraco login interface.
    It focus back to username and password field highlighted in red and there is no error.

    Thanks in advance.

    Regards,

    Azam

  • Nikolay Arhangelov 15 posts 34 karma points
    Jun 27, 2013 @ 16:47
    Nikolay Arhangelov
    0

    Hello Azam,

    I had a similar issue. Out of the box the standard ActiveDirectoryMembershipProvider does not support groups - the users need to be inside a container, not a group.

    In my case the users were in containers based on location (USA, Eurpe,...) and we couldn't move them. My solution was to create my own AD membership provider, which can see if a user belongs to a group - for example Umbraco Users.

    Here is my post about the solution: http://nikolayarhangelov.wordpress.com/2013/06/27/umbraco-backoffice-login-with-active-directory/

    Regards,

    Nikolay

     

Please Sign in or register to post replies

Write your reply to:

Draft