Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationIs there a bug in the DotNetNuke.Authentication.ActiveDirectory provider?Is there a bug in the DotNetNuke.Authentication.ActiveDirectory provider?
Previous
 
Next
New Post
3/5/2008 8:23 AM
 
Evert Dieperink

Joined: 1/23/2006
Posts: 5

I discovered a problem using the ActiveDirectory authentication provider. What I noticed is that the HttpModule sets the Authentication cookie to 'undefined' in the Init. Problem is that the Init is called for every HttpApplication object in the ASP.NET pool.

In our situation we used the Media module to create a clickable link on a tab. The image of the Media module is actually an ASPX page (LinkClick.aspx) and doesn't have a portal ID. That is why the authentication can not be done the first time on the LinkClick.aspx page. But normally this is not a problem because the Default.ASP containing the LinkClick.aspx  will be executed first what will set the authentication cookie.

But... if the LinkClick is executed by a different HttpApplication object the authentication cookie is cleared and the image is not an  image but a redirect to DesktopModules/AuthenticationServices/ActiveDirectory/WindowsSignin.aspx which redirects to the start page of dotnetnuke.

I think the following code is wrong. It is very strange to set the authentication cookie to undefined. The Init can be called multiple times which resets the cookie. And at this stage you don't even know the portalid.

Public Sub Init(ByVal application As HttpApplication) Implements IHttpModule.Init
    Dim Request As HttpRequest = HttpContext.Current.Request
       'Call this method to make sure that portalsettings is stored in Context
       If Not (Request.Url.LocalPath.ToLower.EndsWith("install.aspx") OrElse Request.Url.LocalPath.ToLower.EndsWith("installwizard.aspx")) Then
           Dim _portalSettings As PortalSettings = Common.GetPortalSettings
              AuthenticationController.SetStatus(_portalSettings.PortalId, AuthenticationStatus.Undefined)
    End If
       AddHandler application.AuthenticateRequest, AddressOf Me.OnAuthenticateRequest
End Sub

I removed the line  AuthenticationController.SetStatus(_portalSettings.PortalId, AuthenticationStatus.Undefined) and now everything is working allright.

Is this a bug? of am I missing something?

Best regards,

Evert Dieperink
 
New Post
3/5/2008 11:23 AM
 
Mike Horton


Joined: 7/16/2003
Posts: 4865

The AuthenticationStatus was set to Undefined so that authentication was forced to happen. However, this code has been changed (moved) in the .03 version of the AD provider as it was that chunk of code that was causing the problem with DNN 4.8.0.

The 01.00.03 version is currently in the DNN Release Tracker but can be found at http://dnn.gmss.org in the meantime.
 
New Post
3/5/2008 12:36 PM
 
Evert Dieperink

Joined: 1/23/2006
Posts: 5

But I still don't understand. Are you saying there is a bug in the AD Provider shipped with DNN 4.7? (which I am using)

And if I download the source on you site I get the install.

Can you also tell me why it is a beta version? Can I use it in a production environment?

Thanks in advance,

 

Evert Dieperink
 
New Post
3/5/2008 1:11 PM
 
Mike Horton


Joined: 7/16/2003
Posts: 4865

This is the first time anyone has reported the problem you're having so I guess you could classify it as a new bug in relation to your situation. However, when changes were made to the DNN core for IIS 7 another bug showed up that's related to the same code chunk and that's been fixed in version 01.00.03. Whether it'll fix the problem you're seeing I don't know as I need to know the steps to recreate it.

When you look at inside the source.zip you'll see a file called ActiveDirectory Source Files.resources. Change the extension to .zip and the .vb files are in there.

It's marked as a beta because it hasn't officially passed through the DNN Release Tracker and been released. Can you use it in a production environment? It's at your own risk but at this point the steps left for it to go through in the Release Tracker are mainly administrative so I don't forsee it failing and me having to resubmit a fix. I'm also using it in production on the website at the college I work for.
 
New Post
3/6/2008 12:55 AM
 
Evert Dieperink

Joined: 1/23/2006
Posts: 5

I will try it ,thank you.

If you want to reproduce, I can not e-mail my project. Sorry for that. But if you have an ASPX which uses other ASPXes (ASPX streaming images), it is possible that an image ASPX is handled by a different ApplicationObject so the Init of the HttpModule is called, and the request is not authenticated. Bacuse it is another ASPX than the default.aspx and there is not portal id, authentication will not work!!!

I also had this problem using the RadComboBox from Telerik which using an External callback page to populate it's contents.

I hope you have enough information. But if you need other information, you have to ask me.

Best regards,

Evert Dieperink
 
 Page 1 of 2
12Next 
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationIs there a bug in the DotNetNuke.Authentication.ActiveDirectory provider?Is there a bug in the DotNetNuke.Authentication.ActiveDirectory provider?


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out