Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationADSIProvider does not work outside of AD domain?ADSIProvider does not work outside of AD domain?
Previous
 
Next
New Post
12/5/2008 5:31 AM
 
Ronald

Joined: 10/28/2008
Posts: 10

Hi,

I'm trying to get AD authentication working from a DotNetNuke installation that is installed on a machine that is not part of the AD domain (in the dmz). Is this possible?

Checking the ADSIProvider source code, it is assumed everywhere that the machine is part of the domain. For example, the property ADSINetwork is set to true only if the entry GC://rootDSE exists (if this would have been GC://mydomain.com/rootDSE everything would be fine).

Kind regards,

Ronald Wildenberg
 
New Post
12/7/2008 5:28 PM
 
Mike Horton


Joined: 7/16/2003
Posts: 4865

Ronald, have you tried modifying the source so that it reads GC://mydomain.com/rootDSE? Everything I've read has been that AD will only authenticate if the server is on the domain so I've never looked at trying to get it to work if it wasn't.
 
New Post
12/8/2008 1:31 AM
 
Ronald

Joined: 10/28/2008
Posts: 10

Hi,

I'll see if I can make this work today. However, I don't think this is a problem. The actual credentials check is implemented as a bind using new DirectoryEntry(string, string, string, AuthenticationTypes) (if I remember correctly, I do not have the source code in front of me at the moment). Calling this constructor with a path GC://mydomain.com/.... is definitely possible.

Regards,

Ronald Wildenberg
 
New Post
12/8/2008 3:53 AM
 
Ronald

Joined: 10/28/2008
Posts: 10

Hi,

It works. I can successfully authenticate against an Active Directory instance in another domain. For now, I've made some hard-coded changes to the code base:

  • DotNetNuke.Authentication.ActiveDirectory.ADSI.Utilities.AddADSIPath
  • DotNetNuke.Authentication.ActiveDirectory.ADSI.CrossReferenceCollection.New(String, String, AuthenticationTypes)
  • DotNetNuke.Authentication.ActiveDirectory.ADSI.Configuration.New

And I added a function DirectoryEntryExists to DotNetNuke.Authentication.ActiveDirectory.ADSI.Configuration (DirectoryEntry.Exists(String) does not work any longer since you also need to provide credentials to verify entry existence).

Very probably I've not updated all necessary parts and hard-coding a domain into my code is a very bad idea, so could you suggest on how to proceed? Ideally, I'd also update Settings.ascx to make it possible to choose between the two options.

Maybe its even a good idea to include this into the official codebase?

Kind regards,

Ronald Wildenberg
 
New Post
12/9/2008 2:44 PM
 
Marc Arbesman

Joined: 6/2/2005
Posts: 4

Thanks for all the information.  I am trying to do the same exact thing.  I've had experience coding .NET applications to authenticate against remote LDAP servers before, so I have a little experience in the area. And I am eager to dive into the DNN provider code to see how to authenticate properly.

I am in process of taking your original work described in this thread and making the provider configurable to specify if we want a remote LDAP server, and to enter the server's domain or IP address.  If I can get this too work, I'll post my findings. 

Again thank you for pointing me in the right direction.

Regards,

Marc Arbesman
Throttlenet Inc.
 
 Page 1 of 3
123Next 
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationADSIProvider does not work outside of AD domain?ADSIProvider does not work outside of AD domain?


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out