Using Active Directory for Members without Login Dialog
Hi, I am currently using my custom Membership Provider for logon for my intranet members. With a login dialog, members can log in and use our intranet (all content delivered from Umbraco 7.x). Everything works fine. Now we want to move to AD login without an extra login. How can I solve this?
Remember, I need mixed authentication. For the Members I want to have Active Directory; for the Users I need the Umbraco Forms Authentication.
What you do is make IIS authenticate the users, and then get Umbraco to dynamically create the member when they first hit the site. Then you can do some AD role provider trickery to get the Windows domain groups into Umbraco.
You don't actually need to change the membership provider - but you need a role provider to get the groups.
1. Assuming you are doing an intranet that is in the "Local Network" for browsers
2. Use Umbraco "Public Access" to restrict your site - and create a login page
3. On the login page, run a bit of code that grabs the username from the server (it's a server variable) <-- this page actually logs the user on, then redirects them back to the site; they don't see it - so you get logon without the prompt
4. With the username, create the member inside Umbraco; this will give you an Umbraco user.
5. With a custom role provider you can get the groups for the user as if they are Umbraco groups.
6. Now you can tie down Umbraco using Windows groups, not its own
A couple of things:
Setting Windows Auth across the whole Umbraco site might mess up backend users - so unset it on /umbraco/ (or at least /umbraco/webservices/)
The custom role provider from the v4/6 package might work for v7; it's a role provider, so it isn't part of the membership changes
The role provider will probably need its own AD account to do all the looking
The role provider exists just to limit the number of groups you get back; if you didn't somehow filter them then you would get 1000's of AD groups.
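A sketch of the login page code described in the answer above, added here as an example and not taken from the thread or from the package. The class name, the "Member" member type alias, the placeholder e-mail domain and the `returnUrl` query parameter are assumptions; it expects IIS Windows Authentication to be enabled (and anonymous access disabled) for the page that calls it.

```csharp
using System;
using System.Web;
using System.Web.Security;
using Umbraco.Core;

// Added example: names below are hypothetical, not part of Umbraco or the package.
public static class WindowsAutoLogon
{
    private const string MemberTypeAlias = "Member";      // assumption: default member type
    private const string EmailDomain = "example.invalid"; // placeholder domain

    // Returns true when the member was logged on and a redirect was issued.
    public static bool TryLogon(HttpContextBase context)
    {
        // LOGON_USER is only filled in when IIS itself authenticated the request.
        // If it is empty, do not guess a user: fail and let the caller show an error.
        var logonUser = context.Request.ServerVariables["LOGON_USER"];
        if (string.IsNullOrWhiteSpace(logonUser))
            return false;

        // "DOMAIN\user" -> "user"
        var username = logonUser.Substring(logonUser.LastIndexOf('\\') + 1);

        // Create the member on first visit, as the answer describes.
        var members = ApplicationContext.Current.Services.MemberService;
        var member = members.GetByUsername(username)
            ?? members.CreateMemberWithIdentity(
                   username, username + "@" + EmailDomain, username, MemberTypeAlias);

        // A member that was disabled or locked in Umbraco must stay out,
        // even though Windows authentication succeeded.
        if (!member.IsApproved || member.IsLockedOut)
            return false;

        // Session cookie only; groups still come from the role provider.
        FormsAuthentication.SetAuthCookie(member.Username, false);

        // Follow local return URLs only, so the page cannot be used as an open redirect.
        var returnUrl = context.Request.QueryString["returnUrl"];
        var isLocal = !string.IsNullOrEmpty(returnUrl)
                      && returnUrl.StartsWith("/", StringComparison.Ordinal)
                      && !returnUrl.StartsWith("//", StringComparison.Ordinal)
                      && !returnUrl.StartsWith("/\\", StringComparison.Ordinal);
        context.Response.Redirect(isLocal ? returnUrl : "/", false);
        return true;
    }
}
```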
Kevin, question on #3 above. If the authentication mode is set to Windows, it seems like part of the Umbraco membership system thinks a user/member is already authenticated from the get-go. (aka, open a sessionless browser and go to secure page) So, I never get sent to the autologon page... it always sends me to the error page. I checked the Umbraco.MembershipHelper and it says the CurrentUserName is my domain username. If I go to the autologon page manually, everything works fine. How do I get Umbraco to not think the default domain info is a member?
I have something working to login members using Active Directory. I'm just in need of an auto login script... I have found a few scripts, but I have no clue where to place them
After digging in, I got AD users past the login screen.
First: follow the instructions on this link to set up user login using AD.
Second: build a Global.asax.cs file and make sure that Global.asax inherits from it, in the Global.asax file
Third: copy the following code to the new Global.asax.cs file
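    using System;
    using System.Security.Principal;
    using System.Web;
    using Umbraco.Core;
    using Umbraco.Web;
    using Umbraco.Web.Security;

    public class Global : UmbracoApplication
    {
        public override void Init()
        {
            var application = this as HttpApplication;
            // Despite its name, the handler is attached to PostRequestHandlerExecute.
            application.PostRequestHandlerExecute += OnPreRequestHandlerExecute;
            base.Init();
        }

        private void OnPreRequestHandlerExecute(object sender, EventArgs e)
        {
            var session = ((UmbracoApplication)sender).Context.Session;
            // Only act on the first request of a session that has no back-office user yet.
            if (session != null && session.IsNewSession && UmbracoContext.Current != null
                && UmbracoContext.Current.Security.CurrentUser == null)
            {
                // GetCurrent() is the identity the thread runs as: the requesting Windows user only
                // when ASP.NET impersonation is enabled, otherwise the application pool account.
                var windowsFullUserName = WindowsIdentity.GetCurrent().Name;
                // Strip the "DOMAIN\" prefix.
                var windowsUserName = windowsFullUserName.Remove(0, windowsFullUserName.LastIndexOf('\\') + 1);
                var umbracoUser = ApplicationContext.Current.Services.UserService.GetByUsername(windowsUserName);
                // No matching, enabled back-office user: leave the request unauthenticated.
                if (umbracoUser == null || !umbracoUser.IsApproved || umbracoUser.IsLockedOut) return;
                var httpContextBase = new HttpContextWrapper(HttpContext.Current);
                var ws = new WebSecurity(httpContextBase, ApplicationContext.Current);
                var sessionTimeout = ws.PerformLogin(umbracoUser.Id);
            }
        }
    }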
This will redirect the currently logged-in user to the back office as soon as they hit the "~/umbraco" path.
regards Axel
Hi Axel,
there is a package for Active Directory integration in V7:
https://our.umbraco.org/projects/developer-tools/active-directory-providers
Maybe this can handle it for you.
Best,
Sören
Hi Axel,
A while back I did a package for this for Umbraco 4/6 - I haven't done one for v7 but the principles should be the same.
https://our.umbraco.org/projects/backoffice-extensions/umbraco-active-directory-authentication
Todd, did you ever get this figured out? I am always being directed to the error page as well???
Have you tried to add your script to the Global.asax?
You could run a check to see
And put your auto login code there.
Cheers
Paul