New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen

HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationAutoCreation of new users not workingAutoCreation of new users not working
Previous
 
Next
New Post
4/10/2013 1:23 PM
 

Yes, I get all OK's

//A

 
New Post
4/16/2013 4:19 AM
 

Status: auto creation of users still not working - SSO working for existing and new users that are manually created in DNN.
Windows 2008 R2 Standard - Service Pack 1 and latest patches
IIS 7.5

Application pool running under custom identity - domain UserNN, this user has membership in IIS_IUSRS, IIS_IUSRS have permisions on sitefolder and .NET temp folders
App pool Managed pipeline mode set to: Integrated

Web site Authentication set to :Forms Authentication only
Authentication on WindowsSignin.aspx set to:
Forms Authentication Enabled
Windows Authentication Enabled
(NTLM is set on top in the provider list)

Have configured:
%windir%\system32\inetsrv\appcmd unlock config /section:anonymousAuthentication
%windir%\system32\inetsrv\appcmd unlock config /section:windowsAuthentication

The AD provider is configured - and all OK's

When logging on with new user to http://portalXYZ the user first gets "Internet Explorer cannot display the webpage", if user refreshs he is is redirected to http://portalXYZ/login.aspx?ReturnUrl..., and get an - 401 - Unauthorized: Access is denied due to invalid credentials.

If I create the user in DNN manually, the user is SSO'ed in fine.

Mike does there exist a debug version of the AD provider that has some logging possiblities?
(would be nice if there was a config setting on loglevel - where you could configure more logging - user creation/errors etc.)

//A

 
New Post
4/16/2013 6:40 AM
 
Seems like there some hickup some where .... But where - aaarghhhhh ;(

User is redirected to the WindowsSignin.asp, and it runs ....

Client connects to webserver:

2264 30.289245000 10.11.2.22 10.11.32.27 HTTP 1092 HTTP/1.1 302 Found
2265 30.303246000 10.11.32.27 10.11.2.22 HTTP 1086 GET /DesktopModules/AuthenticationServices/ActiveDirectory/WindowsSignin.aspx?portalid=0 HTTP/1.1
2266 30.512826000 10.11.2.22 10.11.32.27 TCP 54 http > 52692 [ACK] Seq=1523 Ack=2100 Win=65536 Len=0
2268 30.628782000 10.11.2.22 10.11.32.27 HTTP 155 HTTP/1.1 401 Unauthorized (text/html)
2270 30.633695000 10.11.32.27 10.11.2.22 HTTP 1164 GET /DesktopModules/AuthenticationServices/ActiveDirectory/WindowsSignin.aspx?portalid=0 HTTP/1.1 , NTLMSSP_NEGOTIATE
2271 30.809466000 10.11.2.22 10.11.32.27 HTTP 853 HTTP/1.1 401 Unauthorized , NTLMSSP_CHALLENGE (text/html)
2273 30.811132000 10.11.32.27 10.11.2.22 HTTP 288 GET /DesktopModules/AuthenticationServices/ActiveDirectory/WindowsSignin.aspx?portalid=0 HTTP/1.1 , NTLMSSP_AUTH, User: DOMAIN\test-aula2
2274 30.811190000 10.11.2.22 10.11.32.27 TCP 54 http > 52692 [ACK] Seq=3883 Ack=4904 Win=65536 Len=0


Webserver/ad provider auth towards AD

2324 31.318898000 10.11.2.22 10.11.0.101 DNS 77 Standard query 0x7069 A SOMEDC02.domain.com
2327 31.343855000 10.11.2.22 10.11.0.102 TCP 66 65054 > epmap [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
2331 31.363218000 10.11.2.22 10.11.0.102 DCERPC 214 Bind: call_id: 2 Fragment: Single, 3 context items: EPMv4 V3.0 (32bit NDR), EPMv4 V3.0 (64bit NDR), EPMv4 V3.0 (bind time feature negotiation)
2338 31.394440000 10.11.2.22 10.11.0.102 DCERPC 267 Bind: call_id: 2 Fragment: Single, 3 context items: RPC_NETLOGON V1.0 (32bit NDR), RPC_NETLOGON V1.0 (64bit NDR), RPC_NETLOGON V1.0 (bind time feature negotiation)
2340 31.464999000 10.11.2.22 10.11.0.102 RPC_NETLOGON 974 NetrLogonSamLogonEx request

In between I can see traffic to the DB server doing a dbo.getuserbyusername DOMAIN\test-aula2, but client/webserver goes into a loop - 6-10 times:

3036 33.383012000 10.11.2.22 10.11.32.27 HTTP 891 HTTP/1.1 302 Found
3037 33.384923000 10.11.32.27 10.11.2.22 HTTP 1114 GET /DesktopModules/AuthenticationServices/ActiveDirectory/WindowsSignin.aspx?portalid=0 HTTP/1.1

And then the user ends up with "Internet Explorer cannot display the webpage"
 
New Post
4/16/2013 10:59 AM
 
No, I've never used a debug version as I'll usually just set breakpoints and step through the code when debugging.

Is the site in the trusted sites/intranet sites list on the client computer? If it is what happens if you remove it? Do you get the IIS popup asking for credentials? I just tested on my 2008 R2 SP1 server at home from here at work and when I canceled the IIS authentication popup I got a 401 but if I enter my credentials it works just fine.
 
New Post
4/16/2013 3:01 PM
 

Hi, tried to use firefox and type username&password - does not either work - firefox complains that the website is causing a redirection loop ....
The following cookies gets created: 

NAME DNNReturnTo
VALUE /login.aspx?ReturnUrl=%2f&AspxAutoDetectCookieSupport=1
DOMAIN dnnportal.domain.com
PATH /
EXPIRES 16.04.2013 21:00:37

NAME authentication.status.0
VALUE 858E89238A7688C79BEE66FF580482F2F951345C9AA02CE5ABF216C80D3AF159325AA2B347DD92508B62E993534D9C1F8A5AC30CB1F5528C872EFD581F906F907C6D5BC787CA38C6EB768D3174E569D073E9F9ADE598ADE9EA51DFB24EE1003626373DAAD4F3BAAD95FBDABAE0B043546A453643C2E2C48F9FD201863D1910F6BF75C967ECD3741031621428663CAA367EEB5219AC24364AA9DF2E0BAB222E155918642A
DOMAIN dnnportal.domain.com
PATH /
EXPIRES 16.04.2013 21:55:37
 
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationAutoCreation of new users not workingAutoCreation of new users not working


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.