New user not being created in DNN after successful AD auth
12/4/2007 4:14 PM
 

I installed the AD provider separately and am using mixed-mode forms-based authentication in 4.6.2 (upg. from 4.5.3). When I try to log in as a domain user who hasn't logged into DNN previously, it says login failed. But when logging in as a domain user for which DNN has/had created a local a/c previously, it lets me through, even after I delete this latter a/c from DNN (although it doesn't add me to the DNN admins group automatically like it used to for users in the Domain Admins group, but that's a diff. issue). Anyway, I know the credentials are being checked against AD because we have a domain policy to lock an account after 3 unsuccessful attempts and the accounts ARE getting locked if we try incorrect passwords 3 times in a row. So I see the problem as DNN not being able to create a local a/c for "new" domain users after successfully authenticating against AD.

Also, from all the testing, it seems like the domain password is being stored in DNN as well, which is very uncomforting. I can log in using AD credentials even with the 'Standard' login selected and I know that it is not checking against AD because even if I enter incorrect passwords more than 3 times, it does not lock out my AD a/c - on the contrary, it locks out my DNN a/c after 5 invalid attempts for 10 mins. (the DNN default).

Can you please shed some light on these issues? Thanks! ~M$

 
12/5/2007 11:15 AM
 

So if you delete an account that has been working and then log in successfully, does the account get created again? I've never run into that (works for some, not for others), which is essentially what it's doing if it's recreating the account that has been deleted. When you do the setup of the AD (or check it and click update), are you getting all OKs or are there any failures at all?

Users are not automatically added to the admins group and have to be manually added. That was a security change with the 01.00.00 release of the provider.

The domain password has always been stored in DNN and it's something I'm uncomfortable with as well and will be changed in a future version.

 
12/5/2007 12:03 PM
 

Yes; 'previously working and then deleted' accounts get recreated in DNN after successful AD login, but no new AD accounts (i.e. AD accounts DNN has never known about) are being created; I am able to create local DNN accounts from the User Accounts page though. The AD setup seems to be happy in all its 'OK in green triangle' glory ->

Accessing Global Catalog: OK
Checking Root Domain: OK
Accessing LDAP: OK
Find all domains in network: 1 Domain(s): <domain>.

Btw, if the domain password is stored in DNN, can you list a couple of real benefits of using AD authentication? I am trying to gauge if it's worth it for the small number of content editors we have right now.

 
12/5/2007 12:40 PM
 

Is there anything showing up in the EventViewer when the accounts that fail try to log in?

Benefits of using AD? It really depends on your situation, but I guess the major one is if you want your intranet users to be able to log in automatically, which I think is the majority reason why people use the AD provider.

I should also note that while the password is currently stored in the database, if the user changes his password on the AD and enters that in DNN, it does then go back to AD to authenticate the user.

 
12/5/2007 1:27 PM
 
Entering the correct password does not generate an event in EventViewer (with its default settings), but the following is what I get when I enter a wrong password, so I don't know how much that will help.

12/5/2007 1:13:33 PM   General Exception

AssemblyVersion: 04.06.02
PortalID: 0
PortalName: <deleted>
UserID: -1
UserName:
ActiveTabID: 407
ActiveTabName: Secure Login
RawURL: /SecureLogin/tabid/407/Default.aspx?returnurl=%2fDefault.aspx
AbsoluteURL: /Default.aspx
AbsoluteURLReferrer: https://<deleted>/SecureLogin/tabid/407/Default.aspx?returnurl=%2fDefault.aspx
UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1; .NET CLR 3.0.04506.30)
DefaultDataProvider: DotNetNuke.Data.SqlDataProvider, DotNetNuke.SqlDataProvider
ExceptionGUID: 665c0215-90cd-4158-a710-931d5dbc0e84
InnerException: Logon failure: unknown user name or bad password.
FileName:
FileLineNumber: 0
FileColumnNumber: 0
Method: System.DirectoryServices.DirectoryEntry.Bind
StackTrace:
Message: System.Runtime.InteropServices.COMException (0x8007052E): Logon failure: unknown user name or bad password. at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_NativeObject() at DotNetNuke.Authentication.ActiveDirectory.ADSI.ADSIProvider.IsAuthenticated(String Path, String UserName, String Password)
Source:
Server Name: WEB-001

On the password storage issue: when a user changes the domain password, does DNN go back to AD even with the 'Standard' option selected? So would this be the order of failure events: (check against local DNN DB -> if incorrect password, check against AD -> still incorrect, display logon failure message)?
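
Added example (not part of the thread and not DNN project code): a Python parser for event-log records in the layout quoted above, picking out the entries where the AD provider attempted a bind and the directory refused it (COMException 0x8007052E raised under ADSIProvider.IsAuthenticated). The function names, the constructed sample records and the 30-minute window are assumptions; the threshold of 3 is the domain lockout policy mentioned in the first post.

```python
import re
from datetime import datetime, timedelta

HEADER = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+(.+)$")
HRESULT = re.compile(r"COMException \((0x[0-9A-Fa-f]{8})\)")
LOGON_FAILURE = 0x8007052E  # HRESULT wrapping Win32 ERROR_LOGON_FAILURE (1326)

def parse_records(text):
    """Split event-log text into dicts: a timestamp/type header, then 'Key: value' lines."""
    records, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            current = {"time": datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p"),
                       "type": m.group(2)}
            records.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")  # split on the first colon only
            current[key.strip()] = value.strip()
    return records

def rejected_ad_binds(records):
    """Records where the AD provider reached the directory and the bind was refused."""
    hits = []
    for rec in records:
        msg = rec.get("Message", "")
        m = HRESULT.search(msg)
        if m and int(m.group(1), 16) == LOGON_FAILURE and "ADSIProvider.IsAuthenticated" in msg:
            hits.append(rec)
    return hits

def bursts(hits, threshold=3, window=timedelta(minutes=30)):
    """Start times of runs where `threshold` refused binds fall inside `window`.
    The quoted record has an empty UserName, so this counts per site, not per account."""
    times = sorted(h["time"] for h in hits)
    return [times[i] for i in range(len(times) - threshold + 1)
            if times[i + threshold - 1] - times[i] <= window]

# Constructed sample: only the first timestamp and the AD message text come from the thread.
def make_record(ts, message):
    return (f"{ts}   General Exception\nPortalID: 0\nUserID: -1\nUserName:\n"
            f"Method: System.DirectoryServices.DirectoryEntry.Bind\nMessage: {message}\n")

AD_FAIL = ("System.Runtime.InteropServices.COMException (0x8007052E): Logon failure: unknown "
           "user name or bad password. at DotNetNuke.Authentication.ActiveDirectory.ADSI."
           "ADSIProvider.IsAuthenticated(String Path, String UserName, String Password)")
SAMPLE = "".join(make_record(ts, msg) for ts, msg in [
    ("12/5/2007 1:13:33 PM", AD_FAIL), ("12/5/2007 1:14:02 PM", AD_FAIL),
    ("12/5/2007 1:14:40 PM", AD_FAIL),
    ("12/5/2007 2:30:00 PM", "System.NullReferenceException: constructed unrelated error")])
```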

 
 
 