Server in DMZ Problem
New Post
12/8/2007 11:51 AM
 

Hello, my problem is that we reinstalled DotNetNuke on a server in a DMZ. The server is not in the domain now and I can't get AD authentication to work.

When it was in the domain it worked.

When I go to admin authentication it fails.

Any idea?

Thanks in advance

 
New Post
12/9/2007 6:09 PM
 

I believe the server has to be on the domain of the AD it's connecting to or it gets booted. And from my testing it's not a DNN/.NET issue but rather an MS implementation/security deal. Why I say that is a few weeks ago I was trying to use some third party tools to do some testing against my AD at home and if I tried to connect to the AD using my laptop (which is on the domain for my workplace but I was at home connected to my home network) I was denied every time even though I was using my domain admin credentials. Installed the same programs on my home computer and I had no problems at all accessing the AD.

 
New Post
12/10/2007 9:05 AM
 

For some reason I was thinking that DNN was using LDAP to do authentication, but the more I think about it the more confused I get.  Is it using SMB?  In any case, that server needs to authenticate to the Domain, and that is difficult in that configuration.

That is one of the major pitfalls of putting "anything" in a DMZ.  The whole purpose behind a DMZ is to keep outside-facing servers from being able to access your internal servers, so intentionally attempting to bypass that is defeating the purpose of having a DMZ in the first place.  Personally, I'd prefer to put the IIS server on the Internal network and then publish that server through an ISA server.  But I know a lot of people on these forums have surprisingly little control over their network design.

 

 
New Post
12/10/2007 10:28 AM
 

This is the issue that I've got at the moment. 

And yes, you are correct, I do not control the network architecture at my place of work.  I imagine a lot of IT shops are this way in the corporate world.

The server that I want to run DNN is in the DMZ and the admin will not allow it to be attached to the domain because of this.  If it's not on the domain, the AD provider fails.  The problem is that the corporation would like users of this portal to be able to use their AD credentials to log in.  LDAP is the only protocol that isn't blocked from the server, and would be a workable option.  The only issue is that there is no LDAP provider for DNN.

It's pretty clear that the developers have no interest in developing an LDAP provider.  No one responds to questions about it.  There was a third party developer who hacked together a working provider for 4.3.x at one point, named Toby Kraft.  He never released a binary, only source.  I'm strictly an end user of DNN, and I'm unable to port his work or even get it to function with 4.3.x.
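Added example, not part of the thread and not DNN or third-party provider code: because LDAP is the one protocol reachable from the DMZ host, AD credentials can be checked with an LDAP simple bind from a machine that is not domain-joined. The class name, host name and UPN suffix are placeholders, and the sketch assumes the domain controller offers StartTLS on port 389.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text.RegularExpressions;

// Added example, not DNN code. Host and UPN suffix used in Main are placeholders.
public static class LdapBindCheck
{
    // Conservative allow-list for the account-name part of a UPN.
    private static readonly Regex SafeName = new Regex(@"^[A-Za-z0-9._-]{1,64}$");

    public static bool Validate(string host, string upnSuffix, string user, string password)
    {
        // A simple bind with an empty password is an "unauthenticated bind"
        // (RFC 4513) and can succeed, so refuse it before touching the network.
        if (string.IsNullOrEmpty(password)) return false;
        if (user == null || !SafeName.IsMatch(user)) return false;

        var id = new LdapDirectoryIdentifier(host, 389);
        using (var conn = new LdapConnection(id))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.AuthType = AuthType.Basic;          // simple bind, no domain membership needed
            conn.Timeout = TimeSpan.FromSeconds(10);
            // Simple bind sends the password as-is, so upgrade to TLS first.
            // The DC certificate must chain to a CA this server trusts.
            conn.SessionOptions.StartTransportLayerSecurity(null);
            try
            {
                // AD accepts a UPN (user@suffix) as the simple-bind name.
                conn.Bind(new NetworkCredential(user + "@" + upnSuffix, password));
                return true;
            }
            catch (LdapException ex) when (ex.ErrorCode == 49) // invalidCredentials
            {
                return false; // other errors (server down, TLS failure) propagate
            }
        }
    }

    public static void Main()
    {
        // Both guards run before any connection is opened, so no directory is needed here.
        Console.WriteLine(Validate("dc01.corp.example", "corp.example", "jdoe", ""));
        Console.WriteLine(Validate("dc01.corp.example", "corp.example", "jdoe)(cn=*", "x"));
    }
}
```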

 
New Post
12/10/2007 11:15 AM
 

Well, there is good news and bad news on this... 

The good news:  Since the authentication provider was separated from the core, there is a huge potential for third-party developers to develop an infinite number of different authentication sources.  Creating a provider will be much-much easier than it was before, and we will probably see an onslaught of different ones coming up in the near future.

The bad news:  Right now there isn't an LDAP provider available, and I haven't heard of any in development.  This is a pity, since it is a very well known protocol, and would open up the door to authentication from a huge variety of platforms.

If you're not getting responses to your posts, then you are probably posting in a way that is not attracting attention.  I know in the past I've had to ask the same question several times in different ways just to get a response.  Once you do find the right people, you will probably get the answer you seek within a short time.  Don't give up, just keep trying. 

Make sure you post in the right forum areas also.  There are thousands of messages added every day and few, if any, people read all of them.  Have you tried the developers area? 

 