Sitefinity Active Directory Integration

10 posts, 0 answered
  1. Nathan Storms
    4 posts
    Registered:
    11 Nov 2009
    11 Nov 2009
    I followed the changes outlined in the following thread to modify my Sitefinity web.config as shown below. After making the changes it works for forms authentication located at /sitefinity/login.aspx, but once logged in it does not allow me to access /Sitefinity/Admin/Default.aspx.

    Reference Thread: Sitefinity with Active Directory Integration

    The one major difference between the example provided and my current configuration is that the example uses attributeMapUsername="SAMAccountName" and I use attributeMapUsername="userPrincipalName". If I set the membership provider to "SAMAccountName" I can authenticate and log in to /Sitefinity/Admin/Default.aspx.

    I am attempting to authenticate to an Active Directory that has an HMC 4.5 tenant design, which means that user accounts in Active Directory have a userPrincipalName that contains the "@" character and appears the same way as an email address.

    Here is the error after logging in and attempting to access /Sitefinity/Admin/Default.aspx:

    Server Error in '/' Application.

    This type of page is not served.

    Description: The type of page you have requested is not served because it has been explicitly forbidden.  The extension '.aspx' may be incorrect.   Please review the URL below and make sure that it is spelled correctly.

    Requested URL: /Sitefinity/Admin/Default.aspx


    Version Information: Microsoft .NET Framework Version:2.0.50727.3082; ASP.NET Version:2.0.50727.3082



    Here is the error from the application event log of the application server:
    Event Type: Warning  
    Event Source: ASP.NET 2.0.50727.0  
    Event Category: Web Event   
    Event ID: 1309  
    Date:  11/11/2009  
    Time:  3:45:51 PM  
    User:  N/A  
    Computer: SERVER  
    Description:  
    Event code: 3005   
    Event message: An unhandled exception has occurred.   
    Event time: 11/11/2009 3:45:51 PM   
    Event time (UTC): 11/11/2009 9:45:51 PM   
    Event ID: 713dcb41646144d3893e27ea60a92d84   
    Event sequence: 11   
    Event occurrence: 1   
    Event detail code: 0   
       
    Application information:   
        Application domain: /LM/W3SVC/645127189/Root-1-129024494733735893   
        Trust level: Full   
        Application Virtual Path: /   
        Application Path: C:\Program Files\telerik\Sitefinity3.7 Community\WebSites\TestSite\   
        Machine name: SERVER   
       
    Process information:   
        Process ID: 7840   
        Process name: w3wp.exe   
        Account name: TESTDOMAIN\sitefinity   
       
    Exception information:   
        Exception type: HttpException   
        Exception message: You have no permissions to view this page.   
       
    Request information:   
        Request URL: http://www.testdomain.local/Sitefinity/Admin/Default.aspx   
        Request path: /Sitefinity/Admin/Default.aspx   
        User host address: 192.168.1.11  
        User: nathan@testdomain.local   
        Is authenticated: True   
        Authentication Type: Forms   
        Thread account name: TESTDOMAIN\sitefinity   
       
    Thread information:   
        Thread ID: 1   
        Thread account name: TESTDOMAIN\sitefinity   
        Is impersonating: False   
        Stack trace:    at Telerik.Cms.Web.CmsHttpModule.PostAuthenticateAdminRequest(Boolean isAuthenticated, CmsHttpRequest request)  
       at Telerik.Cms.Web.CmsHttpModule.context_PostAuthenticateRequest(Object sender, EventArgs e)  
       at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()  
       at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)  
       
       
    Custom event details:   
     
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.  
     


    I also got this from the sitefinity.log file:
    11/11/2009 4:15:05 PM [UNKNOWN]  
    ************************************************************************************  
    ID: 960d6879-371e-4dff-aaf1-a19b93bdfe9f; Code: 3005; Occurrence: 1; Sequence: 3  
    ------------------------------------------------------------------------------------  
     
    Application information:  
     Machine name: SERVER  
     OS Version: Microsoft Windows NT 5.2.3790 Service Pack 2  
     Product Version: 3.7.1990.3  
     Application Path: C:\Program Files\telerik\Sitefinity3.7 Community\WebSites\TestSite\  
     Debug: True  
     
    Process information:  
     Process ID: 8284  
     Process Name: w3wp  
     
    Request information:  
     Request URL: /Sitefinity/Admin/Default.aspx  
     Rewrite URL: http://www.testdomain.local/Sitefinity/Admin/Default.aspx  
     Url Referrer: http://www.testdomain.local/sitefinity/login.aspx?ReturnUrl=/Sitefinity/Admin/Default.aspx  
     Is Authenticated: True  
     Authentication Type: Forms  
     User: nathan@testdomain.local  
     User Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5  
     User Address: 192.168.1.10  
     
    Variables:  
     RadControlRandomNumber: 0  
     CmsHttpRequest: /Sitefinity/Admin/Default.aspx  
     
    - L0 -------------------------------------------------------------------------------  
     
    Exception Type: System.Web.HttpException  
     
    Message: You have no permissions to view this page.  
     
    Source: Telerik.Cms  
     
    Stack Trace:   
       at Telerik.Cms.Web.CmsHttpModule.PostAuthenticateAdminRequest(Boolean isAuthenticated, CmsHttpRequest request)  
       at Telerik.Cms.Web.CmsHttpModule.context_PostAuthenticateRequest(Object sender, EventArgs e)  
       at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()  
       at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)  
    ------------------------------------------------------------------------------------  
     
     


    Here is the configuration from my web.config file:

    <connectionStrings>
      <add name="Sitefinity"
           connectionString="Data Source=SERVER\SQL1;Initial Catalog=TestSite;Integrated Security=True"
           providerName="System.Data.SqlClient" />
      <add name="ActiveDirectory" connectionString="LDAP://testdoamin.local" />
    </connectionStrings>

    <roleManager enabled="true" cacheRolesInCookie="true" defaultProvider="Sitefinity">
      <providers>
        <clear />
        <add name="Sitefinity"
             connectionStringName="ActiveDirectory"
             connectionUsername="TESTDOMAIN\Administrator"
             connectionPassword="testadmin"
             groupMaps="WebAdmins, Domain Users"
             type="Telerik.Security.ActiveDirectory.TelerikADRoleProvider, Telerik.Security"
             searchScope="subTree" />
        <add applicationName="/"
             connectionStringName="DefaultConnection"
             name="Public"
             type="Telerik.DataAccess.AspnetProviders.TelerikRoleProvider, Telerik.DataAccess" />
      </providers>
    </roleManager>

    <membership defaultProvider="Sitefinity" userIsOnlineTimeWindow="15" hashAlgorithmType="">
      <providers>
        <clear />
        <add name="Public"
             connectionStringName="DefaultConnection"
             type="Telerik.DataAccess.AspnetProviders.TelerikMembershipProvider, Telerik.DataAccess"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="false"
             applicationName="/"
             requiresUniqueEmail="false"
             passwordFormat="Hashed"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10"
             passwordStrengthRegularExpression=""
             minRequiredPasswordLength="1"
             minRequiredNonalphanumericCharacters="0" />
        <add name="Sitefinity"
             type="Telerik.Security.ActiveDirectory.TelerikADMembershipProvider, Telerik.Security"
             connectionStringName="ActiveDirectory"
             connectionUsername="TESTDOMAIN\Administrator"
             connectionPassword="testadmin"
             attributeMapUsername="userPrincipalName"
             attributeMapEmail="mail"
             requiresUniqueEmail="true"
             enableSearchMethods="true" />
      </providers>
    </membership>


    Any ideas on getting userPrincipalName working for the Sitefinity Admin?
    -Nathan
  2. Ivan Dimitrov
    16072 posts
    Registered:
    12 Sep 2017
    12 Nov 2009
    Hi Nathan Storms,

    Try logging in as an administrator using the default "Sitefinity" provider that was used when you installed Sitefinity. Then go to the Administration - Permissions tab and make sure that the users from your AD provider have at least access permissions. For each module or section that supports permissions (pages, modules) you need to configure some permission level of access for the AD roles. Then switch the backend provider back to AD and try to log in using your credentials.

    Let us know how it goes.

    All the best,
    Ivan Dimitrov
    the Telerik team

  3. Nathan Storms
    4 posts
    Registered:
    11 Nov 2009
    13 Nov 2009
    Hi Ivan,

    That worked. The missing step was to add the following to the web.config file:

    <security defaultProvider="DefaultSecurityProvider" cmsProvidersName="Sitefinity">
      <roles>
        <clear />
        <add name="WebAdmins" permission="Unrestricted" />
        <add name="Administrators" permission="Unrestricted" />
      </roles>
      <providers>
        <clear />
        <add name="DefaultSecurityProvider"
             connectionStringName="DefaultConnection"
             type="Telerik.Security.Data.DefaultSecurityProvider, Telerik.Security.Data"
             membershipProvider="Sitefinity"
             roleProvider="Sitefinity" />
      </providers>
    </security>

    Then following the remaining steps:
        Set the Active Directory provider to use "SAMAccountName"
        Sign in using the default provided "Sitefinity" provider
        Grant permissions to the groups under the Active Directory provider
        Set the Active Directory provider to use "userPrincipalName"
        Add "Administrators" and a mapped group under the Active Directory provider
        Switch the "Sitefinity" name to the Active Directory provider for both the roleManager and membership providers

    Once that was done I was able to sign in using a username in the format of user@domain.com based upon the stored UPN in Active Directory.
  4. Nathan Storms
    4 posts
    Registered:
    11 Nov 2009
    13 Nov 2009
    I only found one remaining issue. When the membership provider is set to "SAMAccountName" I can see all the users and users within roles. When I set the membership provider to "userPrincipalName" I can see All Users and the roles show with a count next to the role name, but when I select the role itself to return a list of users within the role it comes up empty. When the membership provider is set to "SAMAccountName" I can see the users within roles, but not when it's set to "userPrincipalName".

    Any ideas on how to configure Sitefinity to display the users within roles when using "userPrincipalName"? It's odd that it will display accounts under "All Users" but not under roles.

    -Nathan
  5. Georgi
    3583 posts
    Registered:
    28 Oct 2016
    18 Nov 2009
    Hello Nathan Storms,

    I apologize for the late response. Unfortunately we are not ready with an answer, but I will make sure that we will provide you with some tomorrow.
    Once again, apologies for our delay.

    Sincerely yours,
    Georgi
    the Telerik team

  6. Nathan Storms
    4 posts
    Registered:
    11 Nov 2009
    09 Jan 2010
    Any ideas on how to resolve this?
  7. Georgi
    3583 posts
    Registered:
    28 Oct 2016
    13 Jan 2010
    Hi Nathan Storms,

    Just an update - we saw the issue and are currently looking for a solution. We will try to update the thread by the end of the week. 

    Apologies for the delay!

    All the best,
    Georgi
    the Telerik team

  8. Georgi
    3583 posts
    Registered:
    28 Oct 2016
    21 Jan 2010
    Hello Nathan Storms,

    Thank you for your patience. We are not able to provide you with an immediate fix for this issue, but the bug is logged in our system. Hopefully we will be able to schedule it for the upcoming service pack release for the 3.7 version.

    Apologies for the delay and thank you for your understanding in advance. 

    We have updated your Telerik account. 

    Regards,
    Georgi
    the Telerik team

  9. Eric Wallace
    66 posts
    Registered:
    08 Oct 2009
    05 May 2010
    In the custom provider, samAccountName is hard coded. I wonder if that is the issue with the Telerik AD Provider?

    foreach (SearchResult sr in groupsCollection)
    {
        result.Add(sr.Properties["samAccountName"][0].ToString());
    }
  10. Ivan Dimitrov
    16072 posts
    Registered:
    12 Sep 2017
    05 May 2010
    Hi Eric Wallace,

    The default provider retrieves the user's sAMAccountName from the given distinguished name of the AD object (user). We return the sAMAccountName when DirectorySearcher finds a SearchResult. sAMAccountName is used in userSearchFilter if specified.

    Greetings,
    Ivan Dimitrov
    the Telerik team
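
The mismatch discussed in posts 4, 9 and 10, modeled as an added C# example (not Telerik's provider code and not from any poster): if the role side resolves group members to sAMAccountName while the membership side names users by userPrincipalName, a name-based lookup of role members finds no match. The in-memory directory, the Tenant1 OU, the user alice, and the assumption that the listing joins the two providers by user name are constructed for illustration.

```csharp
// Added illustration; not Telerik's provider code. All directory data is constructed.
using System;
using System.Collections.Generic;
using System.Linq;

class DirUser
{
    public string Dn, Sam, Upn;
    public DirUser(string dn, string sam, string upn) { Dn = dn; Sam = sam; Upn = upn; }
}
static class RoleListingDemo
{
    const string Base = ",OU=Tenant1,DC=testdomain,DC=local";   // hypothetical OU
    static readonly List<DirUser> Users = new List<DirUser> {
        new DirUser("CN=Nathan" + Base, "nathan", "nathan@testdomain.local"),
        new DirUser("CN=Alice" + Base, "alice", "alice@testdomain.local"),
    };
    // Group members are stored as distinguished names, as in AD's "member" attribute.
    static readonly Dictionary<string, string[]> Groups = new Dictionary<string, string[]> {
        { "WebAdmins", new[] { "CN=Nathan" + Base } }
    };
    static string Attr(DirUser u, string attribute)
    {
        bool upn = attribute.Equals("userPrincipalName", StringComparison.OrdinalIgnoreCase);
        return upn ? u.Upn : u.Sam;
    }

    // Role side: resolve each member DN to one naming attribute.
    public static List<string> GetUsersInRole(string role, string attribute)
    {
        return Groups[role].Select(dn => Attr(Users.First(u => u.Dn == dn), attribute)).ToList();
    }

    // Listing side (assumed): show only role members the membership provider knows by name.
    public static List<string> ListRoleMembers(string role, string roleAttr, string memberAttr)
    {
        var known = new HashSet<string>(Users.Select(u => Attr(u, memberAttr)),
                                        StringComparer.OrdinalIgnoreCase);
        return GetUsersInRole(role, roleAttr).Where(n => known.Contains(n)).ToList();
    }

    static void Main()
    {
        // Mismatched attributes: role names are sAMAccountName, membership names are UPN.
        Console.WriteLine(ListRoleMembers("WebAdmins", "sAMAccountName", "userPrincipalName").Count);
        // Matching attributes on both sides.
        Console.WriteLine(ListRoleMembers("WebAdmins", "userPrincipalName", "userPrincipalName").Count);
    }
}
```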
