ADSIProvider does not work outside of AD domain?
12/9/2008 4:50 PM
 

Hi Marc,

Glad to help you. In the meantime I've made some additional changes while debugging my way through the code. I think I've touched all the necessary parts. Except Settings.ascx, I'm in a project and there isn't much time as usual... I could also send you the updates if you'd like? In the end I added one setting to the database (table ModuleSettings) named AD_DomainController and made sure it was used everywhere. It took me about a day to make all necessary changes.

Some things you may have to take into account (I had to):

Somewhere the attribute tokenGroups is read to determine user memberships. Somehow the account I used to access the AD could not read this property, so I had to explicitly grant this permission (see http://www.bomgar.com/remotedesktopaccess/bpldapgroups18.htm). I'm not sure whether this is caused by the fact that I'm not part of the domain.

In the same part the result of reading the tokenGroups attribute is used to determine NTAccounts. This does not work for all groups. Some are returned as SecurityIdentifiers that cannot be translated into NTAccounts (IdentityNotMappedException). I wrote a method that retrieves the DirectoryEntry based on the SID and reads the sAMAccountName.

Regards,

Ronald Wildenberg
ITQ Celerior
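
The fallback described in the post above, sketched in C# as an added example; it is not the provider's code nor the code exchanged in this thread. The class, method and parameter names are hypothetical, and it assumes a bind account that has been granted read access to tokenGroups.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Security.Principal;

static class TokenGroupResolver   // hypothetical name, not part of the AD provider
{
    // domainController: host name or IP, i.e. the value of an AD_DomainController setting.
    // userDn, bindUser and bindPassword are assumptions made for this sketch.
    public static List<string> ResolveGroups(string domainController, string userDn,
                                             string bindUser, string bindPassword)
    {
        var names = new List<string>();
        string root = "LDAP://" + domainController + "/";
        using (var user = new DirectoryEntry(root + userDn, bindUser, bindPassword,
                                             AuthenticationTypes.Secure))
        {
            // tokenGroups is a constructed attribute and must be requested explicitly.
            // An empty result can mean the bind account may not read the attribute.
            user.RefreshCache(new[] { "tokenGroups" });
            foreach (byte[] rawSid in user.Properties["tokenGroups"])
            {
                var sid = new SecurityIdentifier(rawSid, 0);
                try
                {
                    // Translate asks the local machine to map the SID (DOMAIN\name form).
                    names.Add(((NTAccount)sid.Translate(typeof(NTAccount))).Value);
                }
                catch (IdentityNotMappedException)
                {
                    names.Add(LookupBySid(root, sid, bindUser, bindPassword));
                }
            }
        }
        return names;
    }

    // Binds to the object by SID on the same domain controller and reads sAMAccountName.
    static string LookupBySid(string root, SecurityIdentifier sid, string user, string pw)
    {
        try
        {
            using (var entry = new DirectoryEntry(root + "<SID=" + sid.Value + ">", user, pw,
                                                  AuthenticationTypes.Secure))
                return (entry.Properties["sAMAccountName"].Value ?? sid.Value).ToString();
        }
        catch (COMException) { return sid.Value; }   // SID not found on this DC: keep the raw SID
    }
}
```

Names from the fallback path come back without a domain prefix, so any role-matching code that compares against `DOMAIN\group` strings has to normalise both forms.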

 
12/10/2008 5:05 PM
 

Hello Ronald,

Again, thank you for all the information. I have a working solution now as well. It uses two module settings, one as a boolean to specify the use of a remote server, and a string for the IP or domain of the server itself. The boolean is used mostly for the UI to show and hide the text box to enter the server address. But it's also a nice check to use when dynamically building the GC and LDAP strings.

I would definitely be interested in viewing your updates and even possibly consolidating our efforts for submission back to the community (if they are interested, of course). Please let me know what the best way is for you to send me the updates.

I am curious to see what you are talking about with the tokenGroups. I understand the problem, but I didn't run into it. And using the sAMAccountName makes sense as we are targeting Active Directory primarily. I used the sAMAccountName in the previous project I worked on using this type of integration in a .NET web app.

Regards,

Marc Arbesman
ThrottleNet Inc.

 
12/11/2008 8:34 AM
 

Hi Marc,

I think the most convenient way for sending my updates to you is by e-mail. My address is rwwilden_at_gmail_dot_com. If you send me an e-mail there I'll send you my updates. I think it works best if I send you the individual files I changed?

I took a slightly different approach than you did because I added only one property: AD_DomainController (IP/hostname of a domain controller). I did have the other boolean property like you but removed it again because I think it isn't necessary: whether you're inside the domain or not, you should always be able to specify what domain controller to connect to.

I hope this can become a part of the official source code. It extends the reach of the AD authentication provider to all situations where an AD is accessible but where you are not part of the domain. And it does not break any of the existing functionality. Mike, can you comment on this?

Regards,

Ronald Wildenberg
ITQ Celerior

 
12/11/2008 12:01 PM
 

If you want to send me your code I'll take a look at it. My email is mike.horton@dotnetnuke.com

 

 
12/11/2008 4:12 PM
 

Hello Ronald,

I think I am now running into the issues you were describing in the previous post.  I'd really like to try your code, and I'll contact you via email.

Again, thank you for all your help,

Regards,

Marc Arbesman
ThrottleNet Inc.

 