Small width layout Medium width layout Maximum width layout Small text Medium text Large text
     Search
Downloads Downloads Directory Directory Forums Forums Forge Forge Blogs Blogs        Marketplace Marketplace Careers Program Careers
Community › Forums Register  |  

PortalWebHosting
  Ads  
Webhost4Life - $4.95 Windows Hosting
 


  Sponsors  

Meet Our Sponsors

Jango Studios - Skins, Modules and Hosting for DotNetNuke
eUKhost.com is commited to offer exceptional UK Windows Web Hosting solutions with quality 24x7 technical support.Our plans support ASP.Net, ASP, ASP.NET Ajax extensions, XML, MSSQL, MySQL, PHP,DNN, multiple domains and Shared SSL as standard.
SmarterTools
The Official Microsoft ASP.NET Website
Portal Webhosting - Hosting For Developers
Red-Gate Software
 


DotNetNuke Forums
 
  Forum  DotNetNuke® Pro...  Authentication ...  AD on an Intranet--My Solution
Previous Previous
 
Next Next
New Post 9/26/2006 2:55 PM
User is offline Matthew Johnson
4 posts
10th Ranked


AD on an Intranet--My Solution 

Ok, I finally got AD working on my intranet and I thought I'd post my solution.

My Senerio

Our Domain is a child domain of a Parent, so our fully qualified domain name is childdomain.parentdomain.local
We are running on windows 2003 servers, however for my test env. I'm using IIS on xp pro and SQL DB 2005 on w2k3 server.  I am working with DNN 4.3.4

1.  After setting up and installing dnn, login as the admin user.

2.  Next, in IIS--Make sure "Anonymous access" is disabled for the entire site. (mine was be default).  And make sure Windows Authentication is checked for the entire site.

3.  In the web.config---UNcomment the Authentication line.

<add name="Authentication" type="DotNetNuke.HttpModules.AuthenticationModule, DotNetNuke.HttpModules.Authentication" />

3.  In the web.config---UNcomment the  Identity impersonate line.

<identity impersonate="true"/>

4.  Back on the DNN Web site--Click the home page to reload it.

5.  Navigate to the Authentication tab (under the Admin Tab).

6.  Key the following

Windows Authentication Checked
Synchronize Role Checked
Provider ADSIAuthenticationProvider
Authentication Type Delegation
Root Domain ChildDomain.ParentDomain.Local
UserName ChildDomain\Domainuser
Password *****
Confirm Password *****
Email Domain @ChildDomain.com

CLICK UPDATE--You should see something like this

Accessing Global Catalog:
OK
Checking Root Domain:
OK
Accessing LDAP:
OK
Find all domains in network:
Here it will display the number of domain's found as well as a listing.

Example:
1 Domain(s):
childdomain.parentdomain.local (childdomain)

 

That's it.  ------------------------------------------------------------

 

Quarks

1.  The first user to visit the site after IIS is reset or the web.config has been modified AUTO-LOGIN will happen, BUT NOT ON THE SECOND USER...... weird.

2.  You must login using childdomain\username.  Both the domain name and user name are case sensitive, but not the way you think.

3.  In order for the Display Name (ie first name and last name) to be displayed beside the login/logout link the users MUST login with the domainname\username that exactly matches that in AD (case sensitive).  However I created a trigger that works around this problem.

Create TRIGGER [t_Users_InsteadOf_Insert] ON [dbo].[Users]

Instead Of INSERT

AS

BEGIN

SET NOCOUNT ON;

Insert Into Users(UserName, FirstName, LastName, IsSuperUser, AffiliateID, Email, DisplayName, UpdatePassword)

Select UserName, FirstName, LastName, IsSuperUser, AffiliateID, Email, FirstName + ' ' + LastName, UpdatePassword

From Inserted

END

End of Quarks ----------------------------------------

 

What I didn't do: 

In the web.config I didn't change from forms Authentication to Windows Authentication.  If I changed this, any user who hasn't yet created an account will not be able to reach the site.... the page loads and loads and loads.....

Leaving forms Authenication on will also allow the administrator/developer to log off as themselves and login as an administrator or another user.

I also didn't Uncomment the <trust line (<trust level="Full" originUrl="http://localhost/.*" />)

I didn't make any changes to IIS except for setting asp.net to 2.0 instead of 1.1.

 

HOW IT WORKS-----

When a user visits the site they will have to login using childdomain\username.
Their DNN account is automaticlly created. Their username, FirstName, LastName and e-mail address are pulled.  The Display Name may not have been updated (depends on how they logged in and weather or not the trigger was used).  Unless the user checks "remember me", they WILL NOT be automatically logged in.  The only execption to this is the first user that visits the site after IIS has been restarted or changes to the web.config are made.

 

This solution works for me because I can log off and log back on as an administrator or a test user.  It also allows our users to log out so others can't use their pc to make changes to the site.

 

Just one more thing.... thanks to everyone who posted their problems/solutions without this forum I would have gotten no where.  Also thanks to TAM for the AD Module.

 

matchbx
 
 Page 1 of 1
Previous Previous
 
Next Next
  Forum  DotNetNuke® Pro...  Authentication ...  AD on an Intranet--My Solution
 


Forum Policy

These Discussion Forums are dedicated to the discussion of the DotNetNuke Web Application Framework.

For the benefit of the community and to protect the integrity of the project, please observe the following posting guidelines:

1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DotNetNuke.
2. Discussion or promotion of DotNetNuke product releases under a different brand name are strictly prohibited.
3. No Flaming or Trolling.
4. No Profanity, Racism, or Prejudice.
5. Site Moderators have the final word on approving/removing a thread or post or comment.
6. English language posting only, please.
 


Softech Development, Inc.
We help your business work smarter with DotNetNuke. Whether you need a new implementation, a custom module or skin for an existing implementation, or integration with your business processes, Softech has the experience and expertise to make it happen.
www.softechdevelopment.com 		Module Development by Engage Software
Specializing in custom module development, training and skinning.
www.engagesoftware.com 		BataviaSoft DotNetNuke Solutions
BataviaSoft offers custom DotNetNuke solutions especially for the European and the South East Asian market.
www.bataviasoft.com

DotNetNuke Corporation   Terms Of Use  Privacy Statement
DotNetNuke®, DNN®, and the DotNetNuke logo are trademarks of DotNetNuke Corporation
Hosted by MaximumASP