AD passwords stored in DNN
10/19/2005 3:58 PM
 

I have been doing some digging in the General forums about the TTT Authentication module and found this thread.

http://forums.asp.net/ShowPost.aspx?PageIndex=1&PostID=1020196#1020196

The summary of which is that TTT Authentication stores the AD user’s password in the DNN DB.  I am not sure that you’re using TTT Authentication as the starting block for the AD module (but being that Tam is the lead, I bet you are).

The question/concern is: is this really needed?  I can see why, as an “add on”, it would be easier to do this, but now that AD is going to be in the core, are there plans to change this?

I would prefer to not have my users' passwords stored outside of LDAP/AD.

 
10/20/2005 12:51 AM
 
You raise a valid point from a security point of view. It also raises the question of what happens if the AD is set up to force users to change their passwords every X months. We run a printing application at work that also authenticates initially to the AD, but unfortunately the developers didn't consider the password change enforcement that's used (the majority of their clients aren't on AD yet).
 
10/20/2005 12:08 PM
 

I would tend to concur: store this sensitive data in one place only.

But....what about when operating in mixed mode?  What about when the user is outside the firewall?  What about when the portal server is up, but the AD servers are down?

Perhaps this should be an administrative option, with the explanation that without it, some circumstances might keep a user from accessing the portal--possibly with nothing wrong at the portal.

 
10/21/2005 2:02 PM
 

RLyda wrote

But....what about when operating in mixed mode?


If you register a user in the DNN DB, they enter a password when they create their account; that's fine.  What I am talking about is the process of automatically creating the account when an AD user logs in.  All you have to do is inform the system that this account is an AD account and to get the password from LDAP.

What about when the user is outside the firewall? 

You can still use any method of authentication you like; as long as they can see the portal, the firewall will have no impact on this.  (Being that the Portal is behind the firewall and it's responsible for talking to LDAP.)

What about when the portal server is up, but the AD servers are down?

If AD/LDAP is down, sorry to say, but you don't have a network…  If someone is in a place where their AD servers can go off-line, they need to accept that possibility, reevaluate their network configuration, or not use LDAP authentication for their portal.

I know some smaller networks don’t have the budget to set up AD the way Microsoft ™ recommends, but in a case like that the portal being up is going to be your users' last complaint, and the last thing you need to be concerned with.

I don't mean to be a jerk about this, but having a poor security model because of someone else’s lack of planning and/or poor network design doesn’t fly with me.

 
10/21/2005 2:15 PM
 
You're thinking too small....think DMZ!  My Internet boxes had better NOT be on the primary LAN!  So, yes, the internal LAN could be down (or simply inaccessible because of DMZ-LAN firewall issues) and my portal host still be humming along...
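
The trade-off debated in this thread, sketched as an added example (it is not DNN or TTT Authentication code, and not any poster's): AD accounts are checked against the directory with no password kept in the portal, and an optional administrative setting caches a one-way verifier for use only when the directory is unreachable. The names `PortalAuth` and `make_directory`, the constructed stand-in for the LDAP bind and the PBKDF2 verifier are assumptions of this example; the thread does not say in what form the module stores the password.

```python
import hashlib
import hmac
import os

class DirectoryUnavailable(Exception):
    """The AD/LDAP server could not be reached (e.g. DMZ-to-LAN link down)."""

def make_directory(accounts):
    """Constructed stand-in for an LDAP bind; a real portal would call AD here."""
    state = {"up": True}
    def check(username, password):
        if not state["up"]:
            raise DirectoryUnavailable(username)
        return accounts.get(username) == password
    return check, state

def _verifier(password, salt):
    # Salted, deliberately slow one-way hash (assumption of this example).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class PortalAuth:
    def __init__(self, directory_check, cache_offline_verifier=False):
        self.directory_check = directory_check
        self.cache_offline_verifier = cache_offline_verifier  # the admin option
        self.users = {}  # portal user table: no password column for AD users

    def login(self, username, password):
        """Return (ok, how): how is 'directory', 'offline-cache' or a refusal reason."""
        try:
            ok = self.directory_check(username, password)
        except DirectoryUnavailable:
            return self._offline_login(username, password)
        if not ok:
            return (False, "rejected")
        # First successful AD login auto-creates the portal account, flagged as AD.
        record = self.users.setdefault(username, {"source": "AD"})
        if self.cache_offline_verifier:
            salt = os.urandom(16)
            record["salt"], record["verifier"] = salt, _verifier(password, salt)
        return (True, "directory")

    def _offline_login(self, username, password):
        record = self.users.get(username)
        if not (self.cache_offline_verifier and record and "verifier" in record):
            return (False, "directory-unavailable")  # fail closed
        # Caveat: a password changed or expired in AD is still accepted here
        # until the next successful online login refreshes the verifier.
        good = hmac.compare_digest(record["verifier"], _verifier(password, record["salt"]))
        return (good, "offline-cache" if good else "rejected")
```

With the option off, a directory outage locks AD users out of the portal; with it on, the portal keeps working but honours the last password it saw, which is the password-change problem raised earlier in the thread.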
 