Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Axel 68 posts 96 karma points
    Feb 13, 2015 @ 10:08
    Axel
    0

    Using Active Directory for Members without Login Dialog

    Hi, iam currently use for my Intranet Members my custom Membership Provider, for logon . With a Login Dialog Members can Login and use our Intranet (alle Content delivered from Umbraco 7.x) Everything works fine. Now we want move to AD Login without extra Login. How can i solve this?

    Remember , i need mixed Authentication. For the Members i want have Active Directory, for the Users i need the Umbraco Forms Authentication.

     

    regards Axel

  • Sören Deger 726 posts 2833 karma points c-trib
    Feb 20, 2015 @ 11:15
    Sören Deger
    0

    Hi Axel,

    there is an package for Active Directory integration in V7:

    https://our.umbraco.org/projects/developer-tools/active-directory-providers ;

    Maybe this can handle it for you.

     

    Best,

    Sören

  • Kevin Jump 1734 posts 11125 karma points MVP 4x c-trib
    Feb 20, 2015 @ 21:14
    Kevin Jump
    0

    Hi Axel, 

    A while back i did a package for this for Umbraco 4/6 - I haven't done one for v7 but the principles should be the same. 

    https://our.umbraco.org/projects/backoffice-extensions/umbraco-active-directory-authentication

    what you do is make IIS authenticate the users, and then get umbraco to dynamically create the member when they first hit the site. then you can do some AD role provider trickery to get the windows domain groups into Umbraco. 

    You don't actually need to change the membership provider - but you need a role provider to get the groups

    Assuming you are doing and intranet that is in the "Local Network" for browsers

    1. Make the website using NTLM in IIS - Windows Authentication in IIS7/8 - you might need to install it
    2. Use umbraco "Public Access" to restrict your site - and create a login page
    3. on the login page, run a bit of code that grabs the username from the server (it's a Server Veriable) <-- this page actually logs the user on, then redirects them back to the site, they don't see it - so you get logon without the prompt
    4. with the username, create the member inside umbraco  this will give you an umbraco user.
    5. with a custom role provider you can get the groups for the user as if they are umbraco groups.
    6. Now you can tie down umbraco using windows groups not it's own
    couple of things 
    • Setting Windows Auth across the whole umbraco site might mess up backend users - so unset it on /umbraco/ (or at least /umbraco/webservices/)
    • the custom role provider from the v4/6 package might work for v7 it's a role provider so isn't part of the membership changes
    • the role provider will probibly need it's own AD account to do all the looking
    • the role provider exists just to limit the number of groups you get back , if you didn't somehow filter them then you would get 1000's of AD groups.

     

     

     

  • Todd Coleman 7 posts 71 karma points
    Apr 10, 2016 @ 00:44
    Todd Coleman
    0

    Kevin, question on #3 above. If the authentication mode is set to Windows, it seems like part of the Umbraco membership system thinks a user/member is already authenticated from the get-go. (aka, open a sessionless browser and go to secure page) So, I never get sent to the autologon page... it always sends me to the error page. I checked the Umbraco.MembershipHelper and it says the CurrentUserName is my domain username. If I go to the autologon page manually, everything works fine. How do I get Umbraco to not think the default domain info is a member?

  • bob baty-barr 1180 posts 1294 karma points MVP
    Jul 12, 2016 @ 14:43
    bob baty-barr
    0

    Todd, did you ever get this figured out? i am always being directed to the error page as well???

  • 3ijtKwijt 36 posts 216 karma points
    Aug 16, 2017 @ 09:18
    3ijtKwijt
    0

    I have something working to login members using Active Directory. I'm just in need of an auto login script... I have found a few scripts, but I have no clue where to place them

  • Paul de Quant 361 posts 1372 karma points
    Sep 08, 2017 @ 13:30
    Paul de Quant
    0

    Have you tried to add your script to the Global.asax?

    You could run a check to see

    if (session != null && session.IsNewSession)
            {}
    

    And put your auto login code there.

    Cheers

    Paul

  • Moran 270 posts 868 karma points
    Oct 27, 2019 @ 11:44
    Moran
    0

    After digging in I got AD users pass the login screen. First: follow the instructions on this link to set up user login using AD.< Second: build a Global.asax.cs file and make use that Global.asax inherit from it, in the Global.asax file

    <%@ Application Inherits="UmbracoDev8.Global" Language="C#" CodeBehind="Global.asax.cs" %>
    

    Third: Copy the following code to the new Global.asax.cs file

    public class Global : UmbracoApplication
    {
        public override void Init()
        {
            var application = this as HttpApplication;
            application.PostRequestHandlerExecute += OnPreRequestHandlerExecute;
            base.Init();
        }
        private void OnPreRequestHandlerExecute(object sender, EventArgs e)
        {
            var session = ((UmbracoApplication)sender).Context.Session;
            if(session != null && session.IsNewSession && UmbracoContext.Current.Security.CurrentUser == null)
            {
                var windowsFullUserName = WindowsIdentity.GetCurrent().Name;
                var windowsUserName = windowsFullUserName.Remove(0, windowsFullUserName.LastIndexOf('\\')+1);
                var umbracoUser = ApplicationContext.Current.Services.UserService.GetByUsername(windowsUserName);
                var httpContextBase = new HttpContextWrapper(HttpContext.Current);
                var ws = new WebSecurity(httpContextBase, ApplicationContext.Current);
                var seeionTimeOut = ws.PerformLogin(umbracoUser.Id);
            }
        }
    

    This will redirect the currently login user to the back office as soon as they hit "~/umbraco" path.

Please Sign in or register to post replies

Write your reply to:

Draft