I have been testing the ActiveDirectory 01.00.05 module on a DotNetNuke 04.09.03 website, in virtual machines, to test if its functionalities can fit what we intend in our company. Unfortunately, I haven't managed to get it working the proper way. This is what we want:
a) for intranet users, logged in on startup in Windows using ActiveDirectory, the website would recognise them automatically and log them in without prompting anything. No IIS login dialogs, no website login forms, nothing.
b) for any other users, the website would not recognise them automatically, and then they could log in using their own AD username/password through the usual login form on the website. This would be highly useful for users trying to access the company intranet at home.
Well, the main question is: is this behaviour actually possible? From what I've understood from the forums and the documentation (I'm following the 01.00.04 documentation), there are trade-offs but it is. From my actual tests, it hasn't been possible, and I've been getting different behaviours from what's described in the documentation.
Most of the configuration options described seem to have no effect. No matter what I do with web.config, folder permissions, module options, the site always seems to behave the same: the first time the user logs in, they get an IIS login dialog box. Then they get logged in and remembered by the website for about an hour or so. Afterwards, the login dialog box is back. If I press cancel when the dialog pops up, it gives me a "forbidden" error. But then if I put the website main URL I get access and am free to browse the website for about an hour. Until the login dialog box is back again.
The only way I get the login box to disappear is by commenting out <add name="Authentication" type="DotNetNuke.Authentication.ActiveDirectory.HttpModules.AuthenticationModule, DotNetNuke.Authentication.ActiveDirectory" />. But then, the users don't get logged in automatically, unless they input their username/password in the website login form. Then they get remembered by the website. For about an hour.
I've tried setting and un-setting the website as part of the users' "trusted sites" in IE. Switching to Windows authentication in the web.config. Removing and giving permissions for anonymous access in the website folder. Adding and removing IP ranges to the Auto-login thing in the module options. Commenting and un-commenting the "impersonate" part in the web.config, using and not using a specific user in the module options. Nothing seems to work or make much difference.
I'm also having some weird side-issues, such as users sometimes being prompted to change their middle and last name in the website, right after they log in using the website form; host accounts logging in sometimes as their Windows accounts without permissions; and duplicate users in the database (as "user" and "DOMAIN\user").
Any ideas? It would be greatly appreciated.
Cláudio Alegria