Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationneed help with adneed help with ad
Previous
 
Next
New Post
10/23/2007 2:43 PM
 
susan stubbs

www.shelby-sheriff.org
Joined: 1/4/2005
Posts: 18

Hi,

I have installed DNN4.62 to a development server, and have successfully enabled Active Directory module. I am using this entirely as Intranet for AD users only. So far the users can go to the site and be logged in automatically and there account is populated fine. I am not however getting the users into the proper security roles and I really need this function to create permissions to apply to the pages so that the users can only view certain pages in the Site. Example: I have setup security roles in DNN as such to mimic the same security group in AD. Such as this: DOMAIN/GroupA, DOMAIN/GroupB. In my Active Directory there are the same security group objects called GroupA, and GroupB, and they are located inside 3 nested OU objects beneath the DOMAIN. Why are my users not put into the DNN security roles I have made?

Also a second issue is with the login. They are logged into the site automatically, and this part works great, however I do not want them to be able to click the Logout button AT ALL. I do not want them to be redirected to the login page with the 2 types of login. This would confuse the user and also they would not know to type in DOMAIN\username; that is too complex for them. What is the best way to prevent user from using the LOGOUT button at all. I did find a post that stated to hide it by making it the same color as the background, but I do not know what to find to do this, could someone give me a step by step on how to do this?

 
 
New Post
10/23/2007 6:28 PM
 
Mike Horton


Joined: 7/16/2003
Posts: 4865

Security Roles: Is synchronized checked under Admin->Authentication? This needs to be checked to add the users to their roles. When you create the roles in DNN did you create them as New Roles under the Global group or did you create New Role Groups? You want to create the AD Roles as New Roles under the Global group. Are you using the NetBios name for the DNN Roles? As an example, we've got a group here at work called Business Staff but it's NetBios (Pre-Windows 2000) name is busstaff. Busstaff is the role that's needed in DNN. You can check the NetBios name in the group properties in your AD.

Login/Logout Button: Unfortunately this is the same button. I've always suggested hiding it because you (as admin/host) may need to access it. Basically, it requires editing the .css file for your skin and possibly the .ascx so that the font color matches the background color. I don't know how comfortable you are with .css and html. Your other option is to remove it completely in your skin file. I don't have any examples handy at the moment but I will try to post something this evening.
 
New Post
10/23/2007 10:43 PM
 
Dan Ball

Joined: 1/31/2005
Posts: 771

How about removing the button from the skin, and then making a module-based link (only visible to administrators) to the logoff.ascx URL? 
 
New Post
10/26/2007 3:07 PM
 
susan stubbs

www.shelby-sheriff.org
Joined: 1/4/2005
Posts: 18

Hello,

Security Roles: Is synchronized checked under Admin->Authentication? Yes.

When you create the roles in DNN did you create them as New Roles under the Global group or did you create New Role Groups? New Roles.

Are you using the NetBios name for the DNN Roles? Yes, the pre-2000 name for the security group such as DOMAIN\groupA just like in properties in AD console. Let me say specifically I enter "groupA" into the create new role window, not "DOMAIN\groupA".  We have just one DOMAIN, and no forests, other DOMAINS etc. but the AD security group objects are nested down in about 3 OU objects.

Yes I have managed to Hide the Login/Logout Button on the Skin that is being used, or if I wanted to I could just remove this code block from the skin's page:

<dnn:LOGIN runat="server" id="dnnLOGIN" cssClass="LoginUser" /> after creating a login module on a specific page for Admins as you have suggested.

I did figure it out finally but still have the issue with users not being put in proper roles.

I have done all these things, yet when user autologs in for the first time,  the account does not get put into the DNN security roles that I have created (mirrored from Active Directory). The user can autologin all he wants and the user account is created  fine but is never put into any role I have created. the user accounts are also listed all as this naming convention "Domain\username" and thus when trying to sort or search every user is listed under one letter of the alphabet, such as DOMAIN\username1, Domain\username2, Domain\username3. This is not as critical as getting the user into the proper security role group.

I do have the user's IE browser set for the DNN site url to be trusted in the Intranet Zone. The user gets autologged in but is not added to the DNN security role..

 

 
 
New Post
10/26/2007 3:38 PM
 
Mike Horton


Joined: 7/16/2003
Posts: 4865

It sounds like you've done everything correct Susan. The only other thing I can think of is using impersonation. There's a commented block in the web.config that starts with <!-- <impersonate="true" /> ....... -->. Just uncomment the <impersonate="true" /> line and change it so that it looks like this: <impersonate="true" userName="domain\username" password="password" />. The user can be any generic AD user (doesn't have to be an admin). You'll also have to give this user the same rights on your DNN install that NETWORK SERVICE has. Give that a shot and see if it works.
 
 Page 1 of 1
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationneed help with adneed help with ad


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out