Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationAuthentication Failure - Help !!!!Authentication Failure - Help !!!!
Previous
 
Next
New Post
1/11/2009 3:01 PM
 
Roger Canann

Joined: 3/12/2004
Posts: 2

We are using DNN v4.9.0 w/ AD Provider 1.0.4. We get the "passord is case sensitive" message when trying to login with the Windows Login. The site log table has an General Exception entry as follows:

<LogProperties><LogProperty><PropertyName>AssemblyVersion</PropertyName><PropertyValue>04.09.00</PropertyValue></LogProperty><LogProperty><PropertyName>PortalID</PropertyName><PropertyValue>0</PropertyValue></LogProperty><LogProperty><PropertyName>PortalName</PropertyName><PropertyValue>FIXINTRANET</PropertyValue></LogProperty><LogProperty><PropertyName>UserID</PropertyName><PropertyValue>-1</PropertyValue></LogProperty><LogProperty><PropertyName>UserName</PropertyName><PropertyValue /></LogProperty><LogProperty><PropertyName>ActiveTabID</PropertyName><PropertyValue>36</PropertyValue></LogProperty><LogProperty><PropertyName>ActiveTabName</PropertyName><PropertyValue>Home</PropertyValue></LogProperty><LogProperty><PropertyName>RawURL</PropertyName><PropertyValue>/Home/tabid/36/ctl/Login/Default.aspx?returnurl=%2fdefault.aspx</PropertyValue></LogProperty><LogProperty><PropertyName>AbsoluteURL</PropertyName><PropertyValue>/Default.aspx</PropertyValue></LogProperty><LogProperty><PropertyName>AbsoluteURLReferrer</PropertyName><PropertyValue>http://new.fixintranet.com/Home/tabid/36/ctl/Login/Default.aspx?returnurl=%2fdefault.aspx</PropertyValue></LogProperty><LogProperty><PropertyName>UserAgent</PropertyName><PropertyValue>Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5</PropertyValue></LogProperty><LogProperty><PropertyName>DefaultDataProvider</PropertyName><PropertyValue>DotNetNuke.Data.SqlDataProvider, DotNetNuke.SqlDataProvider</PropertyValue></LogProperty><LogProperty><PropertyName>ExceptionGUID</PropertyName><PropertyValue>3df3b74d-3fbd-40a6-896d-507ea4c1486e</PropertyValue></LogProperty><LogProperty><PropertyName>InnerException</PropertyName><PropertyValue>Object reference not set to an instance of an object.</PropertyValue></LogProperty><LogProperty><PropertyName>FileName</PropertyName><PropertyValue /></LogProperty><LogProperty><PropertyName>FileLineNumber</PropertyName><PropertyValue>0</PropertyValue></LogProperty><LogProperty><PropertyName>FileColumnNumber</PropertyName><PropertyValue>0</PropertyValue></LogProperty><LogProperty><PropertyName>Method</PropertyName><PropertyValue>DotNetNuke.Authentication.ActiveDirectory.ADSI.ADSIProvider.GetUser</PropertyValue></LogProperty><LogProperty><PropertyName>StackTrace</PropertyName><PropertyValue /></LogProperty><LogProperty><PropertyName>Message</PropertyName><PropertyValue>System.NullReferenceException: Object reference not set to an instance of an object.     at DotNetNuke.Authentication.ActiveDirectory.ADSI.ADSIProvider.GetUser(String LoggedOnUserName, String LoggedOnPassword)</PropertyValue></LogProperty><LogProperty><PropertyName>Source</PropertyName><PropertyValue /></LogProperty></LogProperties>

The environment has 2 domains. A root domain and the child domain with the user/group objects in the child domain as well as the web server. We have tried different accounts in the AD Provider configuration and only child domain accounts can access (I believe due to trust reasons).

Accessing Global Catalog:
OK
Checking Root Domain:
OK
Accessing LDAP:
OK
Find all domains in network:
2 Domain(s):
***.loc (***)
root.loc (ROOT)

We have set the DesktopModules\AuthenticationServices\ActiveDirectory\windowssignup.aspx file in IIS as per the documentation. We also have commented out the Authentication line from the httphandlers in the web.config. However, when we try to login with the Windows Signin, we get the error message as above. If I uncomment the Authentication line in the web.config, we get the standard browser popup window to login with. However, we do not want to use this. This is an extranet site and want to use the DNN Windows Signin form.

I have also tried the Impersonate setup in the web.config, but this does not resolve this issue.
 
New Post
1/14/2009 11:25 AM
 
Mike Horton


Joined: 7/16/2003
Posts: 4865

Is there one particular domain that's going to be accessing the site (ie. your ***.loc domain)? I don't have a multi-domain setup to test with so I can't say for sure what the problem is but I suspect it's a case of it's trying to authenticate a user from one domain against the other one and returning an error.

You could try install LDAPBrowser on your web server and seeing what information it returns for a user account you know is having trouble. That might clear up why you're getting the error.
 
New Post
4/22/2011 10:52 AM
 
Vicente Sanchez

Joined: 10/26/2004
Posts: 2
Don't know if this would help anyone, but we ran into an authentication issue that took a while to figure out the cause.  From my research on web, the cause of authentication issues varies.



Our issue had to do with the Domain Controller bound to the web server hosting our DNN Website.  We have a forest of DCs some hosted in house and others hosted at a colocation.  The web server hosting the DNN site is hosted in house.



So, our issue had to do with the round robin effect of the web server acquiring a DC hosted in house (AD Provider worked) and a DC in colocation (AD Provider Failed).



For some reason I have yet to figure out, when the web server is bound to a remote DC controller, the DNN Active Directory provider cannot read properties of the DC when searched using GC ("GC://rootDSE").  It is able to see the GC on remote site, but cannot retreive the result set.  LDAP is available and authentication happends.



The curios part is that if you reconfigured the DNN instance and IIS to force the IIS logon dialog, it is able to authenticate. That indicates to mee that NTLM and LDAP are accessible to IIS to authenticate.



I am working with our System Administrator to figure out why the remote DC is able to authenticate, but it is not able to read properties from.  At a glance, we looked at permission differences between in house DCs and the colo DCs, but they are all the same.



For now, our temporary solution is to force the AD DNN Provider to look at specific domain site for DCs to authenticate against.  We had to modify the AD DNN Provider by adding a new property to provide the site name, and we added a simple routine to retreive a DC server name within the specified site.  In this routine, we added a check to the bound DC server to see if it is in the specified site, if it is, then we let the provider use that server.  If no site name is provided, the provider will behaive as it normally would.  That is, it will use whatever DC is bound to the web server.



Again, the above experience is shared to show that it may not necessarely be an issue directly with the DNN Prrovider but it can be impacted by the Domain configuration.  The part I am trying to understand is why doesn't work using remote DCs.



Hope this helps anyone!
 
New Post
4/22/2011 3:41 PM
 
Vicente Sanchez

Joined: 10/26/2004
Posts: 2
Ok folks, I found my answer to the remote DC issue.



As it turns out, this was a new deployment DC to our infrastructure of Windows Server 2008 R2.

By default, the local security policy "Domain Controller: LDAP server signing requirements" is set to "required signing"



If this security policy is set to require signing, the DNN AD Provider will not work because the client connection to the DC

is not signed.



We are looking more into our infrastructure for signing LDAP cleint requests.
 
 Page 3 of 3
Previous123 
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationAuthentication Failure - Help !!!!Authentication Failure - Help !!!!


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out