mikeh wrote
It depends on where your users are coming from. If they are internal users (they use computers that belong to the same domain as you set up the AD Provider for) then the site needs to be added to either the Trusted Sites or Intranet sites in the Internet Options (this can be forced on all users via Group Policy). If they are external users then you need to comment out in the section in your web.config. The side effect of this is that internal users will not be automatically logged in.
Hi Mike,
I'm wondering about this. I have been doing an intranet for over a year with AD authentication on my Production site and AD authentication plus auto login on a development site. I'd like to do the auto-login on the Production site too, but with my setup it isn't ready for prime-time yet. I have users who are on the WAN who can auto login to DEVsite either from my native domain or also from another domain which lives on the same WAN (but not in any shared forest). So far so good. But I also have the majority of my users logging in through an SSL-VPN connection. So where do they fit into the above statement? The VPN doesn't log them formally into the domain but auto-login does work with two annoying exceptions.
First, when you log out, the cookie which it creates keeps auto-login from working. I just get the unauthenticated homepage when I reconnect. I don't know how long that takes to expire. And the only way around it is to delete the cookie, something generally beyond the average user.
Second, when I log on with one AD account, the cookie maintains it such that if I disconnect from the site and VPN and then reconnect with a different AD account it still logs in with the first account. Not good given that many of my users in a confidential healthcare setting could need to share computers. This has happened with versions dating back to at least 4.0. I just did a clean install of 4.6.0 using the starter kit with the install wizard and selected AD authentication and it still has the logout problem.
I have seen something here in forums about the case of the domain name in the "domainname/username" user name format affecting authentication... could you explain this and the current state of the art with 4.6.0? My AD is set up to render accounts in the newer format of username@domainname.com but DNN accounts are still created in the DOMAINNAME/USERNAME format anyway so I'm wondering if this is part of the issue or whether it is the way my domain or AD are set up.
Is it really either or with what you mentioned above or can both be made to work?
Sorry for the convoluted post here. Please feel free to address whatever parts you can here. We'll all get there eventually.
Thanks,
Hal