Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationBetter way to log staff in than WindowsSignin.aspx? (Or registering AD accounts through DNN...)Better way to log staff in than WindowsSignin.aspx? (Or registering AD accounts through DNN...)
Previous
 
Next
New Post
4/1/2009 11:15 AM
 
Dan Ball

Joined: 1/31/2005
Posts: 771

If you change the authentication method in IIS to Digest instead of Integrated, it will allow you to specify what realm (domain) to authenticate to.  In theory I think this is what you are talking about, but I haven't tried it to see if it works as expected. (I just might have to do that to test it out.  This whole typing of the DOMAIN\username seems to be beyond a lot of my users...)

So, did you get this straighted out then?  I have one of my servers setup with almost a hundred portals now in Mixed-Mode, so I can give you some more detailed input on that if you need it.

 
 
New Post
4/2/2009 9:31 AM
 
Lamune

Joined: 1/23/2009
Posts: 18

I haven't had time to try yet. Too many other projects of higher priority.  Maybe this afternoon...

Dan, with your portals, do you have the buttons on the login screen to chose between login types, or did you go with a different approach?

 
New Post
4/2/2009 9:44 AM
 
Lamune

Joined: 1/23/2009
Posts: 18

[QUOTE]

Mike Horton wrote

Becareful with hiding the login controls. The Windows login is the only login control that will check the AD. When you've got Hide Login Controls checked you are hiding the Windows Login control so none of it's code is ever called.[/quote]

Mike, I've been thinking about this to make sure I understand how this works. This disables the AD the control on just the standard Login page? Links directly to the WindowsLogin.aspx page would still be fine? (I'd imagine this is the case, otherwise I wouldn't see the point of it.) If that's correct, this shouldn't  be a problem. All I'd need to do is set up a staff link, and make sure IIS is configured properly, and call it a sucessful fix.

 
New Post
4/2/2009 1:03 PM
 
Dan Ball

Joined: 1/31/2005
Posts: 771

Lamune wrote

Dan, with your portals, do you have the buttons on the login screen to chose between login types, or did you go with a different approach?

Originally, I had mixed mode setup (no auto-login) where local users would have to use an IE favorite (pushed out via GPO) or a special link on the page to login by using the windowssignin.aspx method, and the public would log in via the normal forms method, both had the same login from outside of the district. 

With changes in the provider, I then changed it to use the multiple buttons like you are referring to so that the public logins and the domain logins had different login prompts (you can edit how they are worded through the Languages menu). There was still no auto-login though.

With this latest version of the provider, I did away with all of the special URLs, removed the forced favorites and enabled the auto-login.  This was because the designating of the local IP ranges started working properly, and I then defined all of my Intranet ranges to use the AD login.  From the Internet, you still see the login page, but it has two buttons above it, one says "Public Login" and the other says "DOMAIN Login", so it is much simpler for people to understand. 

For those portals where access by non-AD users is not required, I disabled the DNN login page entirely, and hid the controls, so all they see is the login prompt with no buttons above it.  But, like Mike was saying, make sure you have a back-door for sites set up like that.  If the AD authentication fails, you might not be able to get back into that portal again.  A super-user account should be able to reach it though, so it's not toooooo huge of a deal.

 
 
New Post
4/2/2009 1:18 PM
 
Dan Ball

Joined: 1/31/2005
Posts: 771

Lamune wrote
 

Mike, I've been thinking about this to make sure I understand how this works. This disables the AD the control on just the standard Login page? Links directly to the WindowsLogin.aspx page would still be fine? (I'd imagine this is the case, otherwise I wouldn't see the point of it.) If that's correct, this shouldn't  be a problem. All I'd need to do is set up a staff link, and make sure IIS is configured properly, and call it a sucessful fix.

Let me see if I can explain this a little clearer for you. 

There are three setting you have to look at in the Admin-Authentication menu:

DotNetNuke Authentication Settings
--------------------------------------------------------------------------------
 Enabled? <-- This enables/disables the "DNN" login, if you disable it you cannot log into an account that is not AD-integrated.

Active Directory Settings
--------------------------------------------------------------------------------
 Enabled? <-- This enables/disables the "AD" login, if you disable this you cannot log into an account that is AD-integrated.
 Hide Login Controls? <-- This shows/hides the button above the login prompt to all you to switch to the AD login.


If you are using "only" DNN-based accounts use these settings:

Enabled? Yes
Enabled? No
Hide Login Controls? N/A


If you are using "only" AD-based accounts use these settings:

Enabled? No
Enabled? Yes
Hide Login Controls? Yes


If you want "both" AD and DNN logins, use these settings:

Enabled? Yes
Enabled? Yes
Hide Login Controls? No


Note:
 - Enabling each provider adds another button above the login prompt (unless the hide login controls is enabled).
 - At least one of the providers HAS to be enabled.

Hope this helps...
 
 
 Page 3 of 4
Previous1234Next 
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationBetter way to log staff in than WindowsSignin.aspx? (Or registering AD accounts through DNN...)Better way to log staff in than WindowsSignin.aspx? (Or registering AD accounts through DNN...)


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out