Active Directory Provider Issues
2/14/2008 6:33 PM
 

Mike,
First, I would like to thank you for all of your (donated) work on the Active Directory project.  I think that it is a very important feature for DNN, one that will draw much more interest to DNN for the use of intranets and especially extranets.  I wanted to let you know about some issues I've been experiencing with v1.0.3.

I've set up the provider with the following settings:
DNN auth is enabled
AD auth is enabled
Hide Login Controls is enabled
Synchronize Roles is enabled
Provider: ADSI...
Auth Type: delegation
Root domain: blank OR dc=mydomain,dc=com
user domain: mydomainsNTname\user
auto login: 192.;127.

I've also set up impersonation, the intranet zone is populated, and anonymous access to windowssignin.aspx has been turned off.
When I "update settings" I get OK on everything, with 1 domain found (correct).

Issues:
1) Impersonation only works if I use a user with admin privileges on the domain.  If not I get errors about the "CountryListBox", even if the user has full NTFS control of the DNN install folder.

2) Auto-login only works occasionally.  It does work if the user first browses to the WindowsSignin.aspx.  The next time they will be auto-logged in, but I wonder if that is just due to a cookie or something that was cached.

3) Users have trouble logging in on the login screen with the AD credentials (DOMAIN\user).  This only works if Hide Login Controls gets turned off, then they login on the Windows Login screen.  After that they can use their domain login on the DNN login screen, but not before.

4) On some PCs (like the web server itself) I still see the Windows Login Control popup when the user goes to WindowsSignin.aspx.

Thanks in advance for any light you might be able to shed on this.

 
2/14/2008 10:40 PM
 

1.) This is something I haven't experienced myself. I've got a couple of installs (one on my webserver for dev testing and one on the webserver for our school, http://www.bus.nait.ca/main). In both cases the impersonated account is just a general domain user. Perhaps the permissions didn't filter down properly when you added the general user to the DNN install.

2.) I haven't run into instances personally where I haven't been auto-logged in but I have seen one of our staff members run into it. I didn't have time to investigate it further but she did mention she has a habit of clicking the logout button. That said, when they go back to the site if the cookie is still active (I'm not sure how long the authentication part of the cookie stays active as Microsoft's documentation has been proven to be incorrect but I think it's around 10-20 minutes) then the cookie is used. If it has expired or the application has recycled then WindowsSignin is used unless they've signed out but the DNN general cookie hasn't expired (authentication is bypassed at that time).

3.) If the account doesn't exist in the database then they either have to login via the Windows Login screen or go to http://<DNN_INSTALL>/DesktopModules/AuthenticationServices/ActiveDirectory/WindowsSignin.aspx (or be logged in automatically). The regular DNN login doesn't check to see if the AD provider exists, which it shouldn't, as then it should also check if LiveID/OpenID/CardSpace/Future Providers exist. Each provider is meant to stand alone. However, because the AD accounts are re-created in the database the DNN login is able to authenticate against them once they're there.

4.) In general, as long as the site is in the intranet or trusted sites list the popup shouldn't appear. However, one of our fellow forum users was having nothing but trouble getting it to work. He ended up having to use a workaround from Microsoft on the server (not something that it looks like you need to do) and change a setting on his systems with IE7 installed (Tools > Internet Options > Security > Local Intranet > Custom Level > Scroll right to the bottom of Settings > Select "Automatic logon with current username and password" > Click Ok > Click Ok).

 
2/15/2008 11:15 AM
 

1) Just as a test, I gave 'everyone' full control to the entire DNN install directory structure.  Same result.  I'm pretty certain the permissions are propagating to child folders, as this is a new install, and I've done nothing to alter default security other than at the root folder.  Also, as soon as I add the user to 'Domain Admins', everything works correctly.

2) Accepted.

3) I'm not following you 100% on this, and I probably didn't explain very well to start with.  After the user logs in for the first time (with WindowsSignin.aspx), and I've verified that the user account exists in DNN (as DOMAIN\user), then they cannot log in via the DNN login window.  At this point, if they use the Windows Login option and successfully log in, then, and only then, will they be allowed to log in via the DNN login window.

4) Accepted.

Thanks.

 
2/15/2008 12:29 PM
 

1) All I can go on is how I've got it set up and how others have told me they've got it set up. If you check the directories at random do they have the same permissions as the root and do they show that they're inheriting their permissions from the parent directory?

3.) I misunderstood you in your first post. I just tested this on my dev system here at work and on my dev server at home and it worked. Also it worked for my beta testers. I can't explain why it's not working on your setup.
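
The inheritance check suggested in the reply above can be run over every folder instead of a random sample. This is an added example, not part of the original thread or the provider's code; `$DnnRoot` and `$Account` are placeholder values, and the check for Modify rights is an assumption about what the impersonated account needs.

```powershell
# Added example: audit NTFS ACL inheritance under a DNN install folder.
# $DnnRoot and $Account are placeholders (assumptions), not values from the thread.
param(
    [string]$DnnRoot = 'C:\inetpub\wwwroot\dnn',   # hypothetical install path
    [string]$Account = 'MYDOMAIN\dnn_impersonate'  # hypothetical impersonated account
)

function Test-DnnFolderAcl {
    param([string]$Path, [string]$Identity)

    $acl = Get-Acl -LiteralPath $Path
    # Allow rules that name the account directly.
    # Access granted only through a group membership is not expanded here.
    $rules = @($acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $Identity -and
        $_.AccessControlType -eq 'Allow'
    })
    $needed = [System.Security.AccessControl.FileSystemRights]::Modify
    $hasModify = $false
    foreach ($r in $rules) {
        if (($r.FileSystemRights -band $needed) -eq $needed) { $hasModify = $true }
    }
    New-Object PSObject -Property @{
        Path               = $Path
        InheritanceBlocked = $acl.AreAccessRulesProtected   # True = does not inherit from parent
        AccountHasModify   = $hasModify
        ExplicitRuleCount  = @($rules | Where-Object { -not $_.IsInherited }).Count
    }
}

# The root folder plus every subfolder beneath it.
$folders = @(Get-Item -LiteralPath $DnnRoot) +
           @(Get-ChildItem -LiteralPath $DnnRoot -Recurse | Where-Object { $_.PSIsContainer })

$report = $folders | ForEach-Object { Test-DnnFolderAcl -Path $_.FullName -Identity $Account }

# List only the folders that break inheritance or where the account lacks Modify.
$report | Where-Object { $_.InheritanceBlocked -or -not $_.AccountHasModify } |
    Select-Object Path, InheritanceBlocked, AccountHasModify, ExplicitRuleCount |
    Format-Table -AutoSize
```

An empty result means every folder inherits from its parent and carries a Modify rule for the account, which points away from NTFS permissions as the cause without widening access to 'Everyone' or 'Domain Admins'.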

 
2/15/2008 12:48 PM
 

1)  I've checked, permissions are being inherited from the parent.

 