Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationNon-anonymous secure LDAP connectionNon-anonymous secure LDAP connection
Previous
 
Next
New Post
7/23/2008 4:53 PM
 
Mike Horton


Joined: 7/16/2003
Posts: 4865

Unfortunately I didn't get a chance on the weekend and it's been too busy here at work to do any extracurricular testing.
 
New Post
11/17/2008 11:04 AM
 
Brett Wilson

Joined: 2/25/2004
Posts: 14

So my network people are still recording anonymous LDAP queries every time one of my DNN users logs in to the site.  They are moving along with the initiative to disable anonymous access to LDAP which will cause all of these queries to fail. 

Has anyone ever been able to figure out why anonymous LDAP queries are being made instead of binding using the ASP.NET process account credentials (which I have configured as a network service account)?  I have Windows authentication enabled in web.config, removed all anonymous access to the entire site (and enabled Windows authentication), and commented out the <identity/> element in web.config (since I don't want it to impersonate the user, I want everything to be run under the ASP.NET service account).

I currently have "Sealing" selected as the Authentication Type in the ADSI provider config.

Thanks for any help.
 
New Post
12/16/2008 11:01 AM
 
Brett Wilson

Joined: 2/25/2004
Posts: 14

Anyone had any luck finding out where the AD provider is making anonymous LDAP queries (it appears to be when it is looking for groups).  The .NET documentation for the DirectoryEntry object says that the default constructor in .NET 2.0 creates the DirectoryEntry object with a Secure authenticaiton type.  I've been through the code a lot and I can't figure out where a DirectoryEntry object is being created with a non-secure authentication type.

Another issue with the security of this module is that, in an attempt to get around the problem with anonymous LDAP queries, I entered the login and password of the asp worker process service account into the AD configuration.  I was thinking that then all LDAP requests would be made using that username and password.  Not only did that not work (there are still anonymous queries), but our network people told me that it is now sending LDAP queries with a clear text password (which will also not be allowed in about a month).

Seems like both of these issues would be a high priority for this module since it involves security...
 
New Post
12/16/2008 11:17 AM
 
Mike Horton


Joined: 7/16/2003
Posts: 4865

Brett if you turn off Synchronization do the anonymous LDAP queries still happen? If you can let me know that then it'll give me a starting point.

I'd like to try to track this down over the holiday season but I can't guarantee if I'll be able to. I'm far from an expert on ADSI and LDAP and am working with code that's from the .NET 1.0 days originally. My plan is to do a complete re-write of the code once the current version is stable enough for the majority of users.
 
 Page 3 of 3
Previous123 
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationNon-anonymous secure LDAP connectionNon-anonymous secure LDAP connection


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out