AD behaviour in DNN
New Post
6/26/2009 5:25 AM
 

 

Hi,
I'm pretty new to this but I have installed the AD provider and authenticated using a root domain account. I have followed all the steps on the documentation but things aren't working the way I believe they should.
I don't really understand why you need to put the domain account into the web.config file. Does this not mean that everyone hitting the site will be logged in as that user? For example the root account is:
entplc\svc_intranetdnn
My account is:
Sites\kwing
'Sites' is a child domain in entplc, so how will it recognise my account if I'm using impersonation?
Whenever I hit my site, I do not get a Windows prompt to login. The documentation says that I should (I have not applied the 'Other settings' yet because I just wanted to see it working).
Could someone please let me know the behaviour of DNN with AD as I just don't understand it?
I do have some other questions too:
1. What is the behavior of the AD security provider for DNN? I would expect that it allows the administration page to pick up users from our AD and launch them into the DNN database so that they can be assigned DNN roles. I'd also imagine that when a user logs in they are first authenticated against AD rather than the DNN users table, then DNN correlates the login with the users table to pick up the roles.
2. Under which security context should the DNN site run? Should the site impersonate the logged in user as with Sharepoint or should the site run using a service account and the DNN code handles the rest using the user principal ID on the request?

A lot of questions I know, but help with any of them would be much appreciated, and I think it would be of benefit to others having the same issue.
Thanks.
Kevin

 

 
New Post
6/28/2009 3:52 PM
 

Kev wrote

> Hi,
> I'm pretty new to this but I have installed the AD provider and authenticated using a root domain account. I have followed all the steps on the documentation but things aren't working the way I believe they should.
> I don't really understand why you need to put the domain account into the web.config file. Does this not mean that everyone hitting the site will be logged in as that user? For example the root account is:
> entplc\svc_intranetdnn
> My account is:
> Sites\kwing
> 'Sites' is a child domain in entplc, so how will it recognise my account if I'm using impersonation?

Normally your site runs under the local computer account Network Service. All impersonation does is use another account to run under. The AD provider will use the account that's logged onto the client computer to authenticate.

> Whenever I hit my site, I do not get a Windows prompt to login. The documentation says that I should (I have not applied the 'Other settings' yet because I just wanted to see it working).
> Could someone please let me know the behaviour of DNN with AD as I just don't understand it?

Are you getting redirected to WindowsSignin.aspx? If you go to http://<yoursite>/desktopmodules/authenticationservices/activedirectory/windowssignin.aspx do you get the prompt then?

> I do have some other questions too:
> 1. What is the behavior of the AD security provider for DNN? I would expect that it allows the administration page to pick up users from our AD and launch them into the DNN database so that they can be assigned DNN roles. I'd also imagine that when a user logs in they are first authenticated against AD rather than the DNN users table, then DNN correlates the login with the users table to pick up the roles.

That is correct.

> 2. Under which security context should the DNN site run? Should the site impersonate the logged in user as with Sharepoint or should the site run using a service account and the DNN code handles the rest using the user principal ID on the request?

I think I answered this above.

> A lot of questions I know, but help with any of them would be much appreciated, and I think it would be of benefit to others having the same issue.
> Thanks.
> Kevin

 

 
New Post
6/29/2009 3:23 AM
 

Hi Mike, thanks for your response.

> Normally your site runs under the local computer account Network Service. All impersonation does is use another account to run under. The AD provider will use the account that's logged onto the client computer to authenticate.

I am logged into the client as sites\kwing so I'm not really sure why we need to put anything into the identity tag in the web.config? Is it just so when we are configuring the AD settings it can see an account, and thereafter it can be removed?

> Are you getting redirected to WindowsSignin.aspx? If you go to http://<yoursite>/desktopmodules/authenticationservices/activedirectory/windowssignin.aspx do you get the prompt then?

I'm not being redirected to the WindowsSignin.aspx. I have tried what you suggested and it just redirects to default.aspx. I have also tried browsing to this page via IIS with the same result?

If you're able to comment or provide any other steps, it would be much appreciated.

Thanks,

Kevin

 
New Post
6/29/2009 9:18 AM
 

You may need to use impersonation (I haven't found a definitive reason why some need to and others don't) for the initial contact with the AD.  The impersonation account contacts the AD and verifies that the client's user account is valid. You may be able to remove it after the initial setup but I can't guarantee it.

As for your second problem (WindowsSignin.aspx).... what OS is your server running?

 
New Post
6/29/2009 9:34 AM
 

If it turns out that I do have to use impersonation, does that not mean that all users hitting my site will authenticate using those credentials? If so, I think that removes the benefit of using AD really?

I'm running Windows XP, Service Pack 2. I'm just doing a proof of concept on my local machine before we look at implementing it on our intranet (Windows Server 2003).

Thanks,

Kevin.
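
The distinction this thread keeps returning to, between the account the site's code runs as and the account the browser user authenticated with, can be checked directly on a test site. The following is an added example, not part of the original posts or of the DNN AD provider: a hypothetical `WhoAmI` handler (the handler name and the placeholder password are assumptions) that prints both identities for the current request.

```csharp
// WhoAmI.ashx: hypothetical diagnostic handler, constructed for this example.
// First line of the .ashx file: <%@ WebHandler Language="C#" Class="WhoAmI" %>
// Assumed web.config entry (account name from the thread, password is a placeholder):
//   <identity impersonate="true" userName="entplc\svc_intranetdnn" password="PLACEHOLDER" />
using System.Security.Principal;
using System.Web;

public class WhoAmI : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // Identity details are only shown to requests made from the server itself.
        if (!context.Request.IsLocal)
        {
            context.Response.StatusCode = 404;
            return;
        }

        // Account the code executes as: the worker process account by default,
        // or the <identity> account when impersonation is configured. This is
        // the account used for outbound calls such as directory lookups.
        string executingAs = WindowsIdentity.GetCurrent().Name;

        // Account IIS authenticated for this request. Empty when the URL
        // allows anonymous access, because no Windows challenge was issued.
        string logonUser = context.Request.ServerVariables["LOGON_USER"];

        // Principal ASP.NET attached to the request (forms or Windows user).
        IPrincipal user = context.User;
        bool signedIn = user != null && user.Identity.IsAuthenticated;

        context.Response.ContentType = "text/plain";
        context.Response.Write("Code executes as:  " + executingAs + "\r\n");
        context.Response.Write("IIS LOGON_USER:    " + Show(logonUser) + "\r\n");
        context.Response.Write("ASP.NET principal: " + Show(signedIn ? user.Identity.Name : null) + "\r\n");
    }

    private static string Show(string value)
    {
        return string.IsNullOrEmpty(value) ? "(none, anonymous request)" : value;
    }
}
```

With the fixed-account `<identity>` element in place, the first line reports the service account for every visitor, while `LOGON_USER` still varies per client once anonymous access is disabled for the URL. Remove the handler after testing.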

 