Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationActive Directory Only Login As AdministratorActive Directory Only Login As Administrator
Previous
 
Next
New Post
11/11/2009 11:18 PM
 
Dan Ball

Joined: 1/31/2005
Posts: 771

The reason why I asked is to make sure you can make changes without affecting everyone.  I'm not entirely sure, but to me it sounds like you are putting too much into it, which is why you're running into problems.

- Install a fresh copy of DNN so that you get all the default settings.
- Modify the web.config file to ONLY add in the correct database information, make no other modifications from it's original state.
- Set the NETWORK SERVICE account to have FULL access to the DNN subdirectory.
- Test the DNN install to make sure it is working properly with DNN accounts.
- Install the AD Authentication module.
- Modify the permissions on the WindowsSignIn.aspx file in IIS.
- Go into the Authentication Module configuration page and enter all the information for your domain.  When you submit the information, it should give you a nice green icon saying it was setup correctly.  If you don't get that, check your settings.
- Add your website in as a trusted or Intranet site in Internet Explorer on a workstation that is part of the domain and browse to your website to test it.

What I'm basically saying is that the DNN AD Authentication module works perfectly with very little configuration to DNN.  Too many people get caught up in the impersonation settings and/or the Windows/forms authentication settings, etc...  If your domain is setup like you said, you should not need to do ANY modifications to your web.config file outside of setting your database information. 
 
New Post
11/12/2009 3:08 PM
 
Thomas B

Joined: 10/17/2009
Posts: 18

Thanks for the detail instructions.

I did it exactly as you wrote, but it's still the same thing.

The strange thing is, I can login with the "administrator" user of my domain.

The user is added to the User List of dotnetnuke.

But I cannot log in with any other account, not even the "dnn" account under which the whole system runs, it's the user that I put into the IIS application object wihich also accesses the database.

Again: is there a log where I might find some error messages?
 
New Post
11/12/2009 9:25 PM
 
Dan Ball

Joined: 1/31/2005
Posts: 771

Thomas B wrote
But I cannot log in with any other account, not even the "dnn" account under which the whole system runs, it's the user that I put into the IIS application object wihich also accesses the database.

What do you mean by this?  How do you have that part setup?   The account you use to access the SQL server should be a DBO of the database, and probably should not be an account you use for anything else (for security purposes).  The account information for the SQL access should not in IIS, but in the web.config file. 
 
New Post
11/13/2009 5:55 PM
 
Thomas B

Joined: 10/17/2009
Posts: 18

OK I might have done it wrong, but the system works.

I don't thing the login problem has something to do with the user that is accessing the database.

Again: I can log in with the Administrator, but not with any other account???

Since I use the IIS User to access the database, I have no need to put a Username/Password in the web.config. I thing this is better for security, because if anybody could get access to my web.config, he would know a password to my system.
 
New Post
11/14/2009 11:41 AM
 
Dan Ball

Joined: 1/31/2005
Posts: 771

The system works but you can only log in with one account?  That doesn't sound like it is working to me...  If you follow the directions on how to install DNN and the AD provider, the system will work fantastic.  If you keep changing the directions to something you think will work better, then you are no longer following the directions and you will experience problems.

Also, having multiple levels of protection is one of most important things in security... If you use the same account to manage both your SQL server and IIS, you're basically putting all your eggs in one basket, if any one point is breeched, "everything" is lost.  The web.config file is protected at many levels, it is not as vulnerable as you might think.  

Create a seperate SQL account that "only" has access to the DNN database (do not make it a sysadmin account), and use that in your web.config file.  Then run your IIS system back at the default permissions set.  That will give you several levels of protection.  If any one of these levels are breeched the others will still hold, making any bug exploit nowhere near as disasterous as it would be if everything was run under one account.

 
 
 Page 3 of 6
Previous1234...6Next 
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationActive Directory Only Login As AdministratorActive Directory Only Login As Administrator


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out