Today I set up a new DNN Site using Windows Server 2008 (IIS 7), SQL Server 2008 Express (Advanced) and DNN 05.01.00. I installed the AD Authentication Provider (version 05.00.02). I followed the steps in the manual to set the authentication modes for WindowsSignin.aspx (forms and Windows enabled, Anonymous and ASP.Net Impersonation disabled). This gives an error message in the IIS Admin saying "Challenge-based and redirect-based authentication cannot be used simultaneously.", which I ignored (this message can also be seen in the manual, so I did not care about it). The site is in the Intranet zone, and the server and the client are members of the domain. I log on as a domain user on the client.

I came to the following results:

- Application Pool: Classic mode
- Trust level: Full Trust

When starting the site in Internet Explorer, the page /DesktopModules/AuthenticationServices/ActiveDirectory/trusterror.htm is displayed, saying "The Active Directory Provider requires the site to be running under Full Trust and/or in Classic mode in IIS 7.0". Well - both is true...

-- Application Pool: Classic mode
-- Trust level: Medium trust

same thing

-- Application pool: Integrated mode
-- Trust level: Medium trust

Application starts. When I want to login, no "Windows Login" button is displayed, there is only standard authentication available. I logged in as host, went to Admin :: Extensions and clicked the pencil near DNN_ActiveDirectoryAuthentication - which led me to the same page as before (OK, this time, none of the full trust level and Classic mode settings were set... this is what the page says, so I can agree...)

- Application Pool: Integrated mode
- Trust level: Full Trust

When I go to the Provider settings, I receive an error (this is the exception from the event log):

ModuleId: -1
ModuleDefId: -1
FriendlyName:
ModuleControlSource:
AssemblyVersion: 5.1.0
PortalID: 0
PortalName: ----
UserID: 1
UserName: host
ActiveTabID: 44
ActiveTabName: Extensions
RawURL: /Admin/Extensions/tabid/44/ctl/Edit/mid/360/PackageID/69/Default.aspx
AbsoluteURL: /Default.aspx
AbsoluteURLReferrer: http://----/Admin/Extensions.aspx
UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322; InfoPath.2)
DefaultDataProvider: DotNetNuke.Data.SqlDataProvider, DotNetNuke.SqlDataProvider
ExceptionGUID: 04cb011e-a544-4438-93f5-f81755f37a5a
InnerException: Unknown error (0x80005000)
FileName:
FileLineNumber: 0
FileColumnNumber: 0
Method: System.DirectoryServices.DirectoryEntry.Bind
StackTrace:
Message: DotNetNuke.Services.Exceptions.ModuleLoadException: Unknown error (0x80005000) ---> System.Runtime.InteropServices.COMException (0x80005000): Unknown error (0x80005000) at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_IsContainer() at System.DirectoryServices.DirectoryEntries.ChildEnumerator..ctor(DirectoryEntry container) at System.DirectoryServices.DirectoryEntries.GetEnumerator() at DotNetNuke.Authentication.ActiveDirectory.Settings.CheckPipelineMode() at DotNetNuke.Authentication.ActiveDirectory.Settings.Page_Load(Object sender, EventArgs e) --- End of inner exception stack trace ---
Source:
Server Name: ----

I provided the domain settings:

Enabled: [X]
Hide Login Controls: [ ]
Synchronize Role: [X]
Do not automatically create users? [ ]
Provider: ASDIAuthenticationProvider
Authentication type: Delegation
Root Domain: ------
User name: ------\-------
Password: ******
Confirm password: ******
Email Domain: @------
Default Domain: ------
Auto login IP address: 10.0.0.0-10.255.255.255

Then I clicked the "Update Authentication Settings" link, and I receive the following message:

Accessing Global Catalog:
OK
Checking Root Domain:
OK
Accessing LDAP:
OK
Find all domains in network:
1 Domain(s):
------ (-----)

Hooray! The provider now works for manual login. Automatic login does not work. Not so much Hooray.

There is no redirect to the WindowsSignin.aspx page. When I enter the address "http://----/DesktopModules/AuthenticationServices/ActiveDirectory/WindowsSignin.aspx" manually, I come to the standard login page (http://----/login.aspx?ReturnUrl=%2fdesktopmodules%2fauthenticationservices%2factivedirectory%2fwindowssignin.aspx)

As I need automatic login (because I do not want to answer about 800 phone calls and explain how to use the AD login when I start the site for production), I need some help on this. Any ideas?

Thanks in advance
Michael

Mike,

thanks for the answer. My answer to your question is: No. The configuration Full Trust/Classic mode leads to the page trusterror.htm that is located in the provider directory (/DesktopModules/AuthenticationServices/ActiveDirectory) when navigating to the site.

The only configuration that "works" is Full Trust/Integrated mode, but it works only with manual Windows Login, and not with auto-login.

In the meantime, I set up DNN 04.09.04 on the same server. I installed the AD provider version 01.00.05, and I have similar effects with the configurations above.

-- Full Trust/Classic mode:
When navigating to the site, the page /DesktopModules/AuthenticationServices/ActiveDirectory/trusterror.htm is displayed. It seems to me that the redirection to WindowsSignin.aspx happens correctly, but that the script does not recognize either the Full Trust or Classic Mode or both.

-- Medium Trust/Classic mode:
same thing

-- Medium Trust/Integrated mode:
The site does not load. In the Internet Explorer status bar, there is a flickering message saying "Connecting to site ...", alternating with some other message I cannot read (because it is displayed for a very short time only) - it ends with something like "default.aspx?tabid=38". There seems to be a permanent looping redirection attempt.

-- Full Trust/Integrated mode:
Manual login works for both Standard login and Windows Login. Auto-login does not work. When navigating to Admin :: Authentication, the following exception fires (Event log):

ModuleId: -1
ModuleDefId: -1
FriendlyName:
ModuleControlSource:
AssemblyVersion: 04.09.04
PortalID: 0
PortalName: -----
UserID: 1
UserName: host
ActiveTabID: 54
ActiveTabName: Authentication
RawURL: /Admin/Authentication/tabid/54/Default.aspx
AbsoluteURL: /Default.aspx
AbsoluteURLReferrer:
UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322; InfoPath.2)
DefaultDataProvider: DotNetNuke.Data.SqlDataProvider, DotNetNuke.SqlDataProvider
ExceptionGUID: aca02f6b-05cb-43db-b0da-c059d82656a8
InnerException: Unknown error (0x80005000)
FileName:
FileLineNumber: 0
FileColumnNumber: 0
Method: System.DirectoryServices.DirectoryEntry.Bind
StackTrace:
Message: DotNetNuke.Services.Exceptions.ModuleLoadException: Unknown error (0x80005000) ---> System.Runtime.InteropServices.COMException (0x80005000): Unknown error (0x80005000) at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_IsContainer() at System.DirectoryServices.DirectoryEntries.ChildEnumerator..ctor(DirectoryEntry container) at System.DirectoryServices.DirectoryEntries.GetEnumerator() at DotNetNuke.Authentication.ActiveDirectory.Settings.CheckPipelineMode() at DotNetNuke.Authentication.ActiveDirectory.Settings.Page_Load(Object sender, EventArgs e) --- End of inner exception stack trace ---
Source:
Server Name: -----

On the page itself it reads like this (this appears below the Auto-login IP-Address text box in the Active Directory settings):

Error: is currently unavailable.
DotNetNuke.Services.Exceptions.ModuleLoadException: Unknown error (0x80005000) --->
System.Runtime.InteropServices.COMException (0x80005000): Unknown error (0x80005000) at
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at
System.DirectoryServices.DirectoryEntry.Bind() at
System.DirectoryServices.DirectoryEntry.get_IsContainer() at
System.DirectoryServices.DirectoryEntries.ChildEnumerator..ctor(DirectoryEntry container) at
System.DirectoryServices.DirectoryEntries.GetEnumerator() at
DotNetNuke.Authentication.ActiveDirectory.Settings.CheckPipelineMode() at
DotNetNuke.Authentication.ActiveDirectory.Settings.Page_Load(Object sender, EventArgs e)
--- End of inner exception stack trace ---

Thanks for your help!
Michael
 

Stefan,

as written in the documentation, I did that only for the file WindowsSignin.aspx - but I tried it now for the whole directory. It did not change anything...

Grüße nach Berlin
Michael