Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationAcitve Directory authentication with impersonation. Is it possible?Acitve Directory authentication with impersonation. Is it possible?
Previous
 
Next
New Post
2/11/2008 2:56 PM
 
eric b1


Joined: 1/27/2007
Posts: 49

Any help is greatly appreciated.  This is a company intranet and I'm using DNN 4.7 with AD authentication, and it works great.  I recently bought a module, Open_DocumentLibrary 3.0 which is a nice document management module.

This module lets you specify a UNC path to your documents folder, so rather than store all the documents on my webserver, I can move them to a storage server I have by specifying a UNC path.  However, I now run into the problem that the webserver\Network Service account doesn't have permissions on the storage server.  I've been trying to set up some type of impersonation to accomplish this, but I don't know if it's possible.  The impersonation wont work unless I turn off AD authentication, which I need.

Since both servers are on the same domain, I would think it would be easy enough to specify the proper rights on the storage server for the webserver to come across and write/modify documents. 

Has anyone got this to work, or is it even possible?  Is there an easier way to accomplish this?  Any help is greatly appreciated, thanks!
 
New Post
2/11/2008 5:00 PM
 
Mike Horton


Joined: 7/16/2003
Posts: 4865

You can use impersonation with the AD provider. It's quite often needed to get the AD provider to work and is covered in the documentation.
 
New Post
2/14/2008 10:32 AM
 
eric b1


Joined: 1/27/2007
Posts: 49

Mike, thanks so much for your help and your documentation, much appreciated.  I did get it to work correctly, but please excuse my limited understanding of impersonation:  I don't fully understand what I'm impersonating!

If the site is authenticating each user to the site by their AD account, and I've added the impersonation, how do I know which is which, and when impersonation is being used?  Also, I used an Administrator account in the impersonation setting, because I know it has permissions to the files I was trying to access.  Is this too much permission for impersonation?  Should I be using an account with less permissions?

Thanks again!
 
New Post
2/14/2008 11:03 AM
 
Mike Horton


Joined: 7/16/2003
Posts: 4865

When you use impersonation the application runs as the user account you specified instead of the standard Network Service account. So any interaction on the computer (adding files to DesktopModules when installing a module for example)  or interacting with other computers (AD server for example)  is done as the impersonated user.

My personal opinion on an account to use for impersonation? I'd use an account with very limited permissions to the domain as a whole and just give that account the necessary permissions on the DNN install. I've yet to hear of a web.config being compromised but why risk it?
 
 Page 1 of 1
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationAcitve Directory authentication with impersonation. Is it possible?Acitve Directory authentication with impersonation. Is it possible?


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out