Products

Solutions

Resources

Partners

Community

Blog

About

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen

HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationNot able to auto login with ADNot able to auto login with AD
Previous
 
Next
New Post
4/23/2008 6:00 PM
 

I answered your other thread before I saw this one in the moderation queue. We can just work with that one for now.

EDIT: The popup window is usually because the site isn't in the Intranet or Trusted Sites list in your Internet Options. I think it'll also show up if you're using Firefox instead of IE.

 
New Post
7/31/2008 11:33 AM
 

There are a couple of important things to reiterate here (because we missed them and others might)

1. If you set AD provider to Enabled and Hide Login Controls to Enabled YOU WILL NOT GET AUTO-LOGIN. Setting the flags in this way causes the value stored in the database for Enabled to be set to False and the httpModule uses that value to determine whether to perform auto-login. An update to the httpModule to do auto-login if EITHER of these flags is set would solve this, but I'm unsure of other ramifications. I'll leave that to Mike to consider!

2. Your login status is cached in a cookie. It can look as though authentication is not working when in fact it is. You must either clear cookies or (presumably) wait for a session to expire between logging out and logging back in for auto-login to work. Very confusing for testing; perhaps less of an issue in real life (although any user who logs out and closes the browser and then immediately tries to revisit the site for another piece of info will not be logged in!)

3. Identity Impersonate and all the other good stuff is not required in web.config. All the necessary config changes are made by the installation of the provider, so no need to mess with it at all if you want mixed mode login capability.

4. You must set file security on DesktopModules/AuthenticationServices/ActiveDirectory/WindowsSignIn.aspx to Windows Authentication ONLY in IIS (i.e. you must also disable Anonymous access). What would be ideal is if there was a way to do that bit in web.config too, because then you could copy the site from server to server and have it just work with no special IIS configs, but I've not seen any way of doing that anywhere. Anybody know how to do that?

Enjoy!

Andrew

 
New Post
7/31/2008 12:46 PM
 

AndrewH wrote

There are a couple of important things to reiterate here (because we missed them and others might)

1. If you set AD provider to Enabled and Hide Login Controls to Enabled YOU WILL NOT GET AUTO-LOGIN. Setting the flags in this way causes the value stored in the database for Enabled to be set to False and the httpModule uses that value to determine whether to perform auto-login. An update to the httpModule to do auto-login if EITHER of these flags is set would solve this, but I'm unsure of other ramifications. I'll leave that to Mike to consider!

I'm sure I checked this and wasn't able to duplicate it. I was getting logged in whether the controls were hidden or not but I will take another look at it. Please post it as a bug in the Public section of Gemini (http://support.dotnetnuke.com) so that I have a reminder.

2. Your login status is cached in a cookie. It can look as though authentication is not working when in fact it is. You must either clear cookies or (presumably) wait for a session to expire between logging out and logging back in for auto-login to work. Very confusing for testing; perhaps less of an issue in real life (although any user who logs out and closes the browser and then immediately tries to revisit the site for another piece of info will not be logged in!)
True, and there's not much that can be done about it (IE: I can't kill the cookie or you'd be logged right back in).

3. Identity Impersonate and all the other good stuff is not required in web.config. All the necessary config changes are made by the installation of the provider, so no need to mess with it at all if you want mixed mode login capability.
That's incorrect and is different for every installation. At work I have to use impersonation while at home I don't. It all depends on how your network is setup.

4. You must set file security on DesktopModules/AuthenticationServices/ActiveDirectory/WindowsSignIn.aspx to Windows Authentication ONLY in IIS (i.e. you must also disable Anonymous access). What would be ideal is if there was a way to do that bit in web.config too, because then you could copy the site from server to server and have it just work with no special IIS configs, but I've not seen any way of doing that anywhere. Anybody know how to do that?
Agreed but at this time we have to deal with what we've got. Perhaps it's possible to make these changes in IIS7 but I haven't looked into it.

 
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationNot able to auto login with ADNot able to auto login with AD


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out