1-888-365-2779
+1-888-365-2779
Try Now
More in this section

Forums / Developing with Sitefinity / Windows Authentication Problem

Windows Authentication Problem

4 posts, 0 answered
  1. Jason
    Jason avatar
    31 posts
    Registered:
    07 Nov 2007
    05 Dec 2007
    Link to this post
    Greetings all,

    I am trying to get windows authentication to work to allow persons to use their domain accounts to log into the backend of Sitefinity.  At present, we appear the be very close, the database accounts do not work and when we log in with a valid domain login we do not get a denial error, which to me indicates that it is to some point working.

    However, even after this I am not able to access any admin pages.  I have used the documentation to add references to the telerik ad role manager and membership provider.  I could really use some help with this and i am not sure what my next step is.

    Thanks in advance,

    Jason
  2. Yasen
    Yasen avatar
    121 posts
    Registered:
    18 May 2013
    07 Dec 2007
    Link to this post
    Hi Jason,

    Your domain users most probably don't have any permissions. You have to set permissions for all the users in Sitefinity. To do this, obviously, you need a user who can set permissions. The easiest way would be to add some of your AD groups unrestricted rights, so users that belong to it would be administrators in Sitefinity. You can add unrestricted roles to the web.config => Security section.

    Please let us know if you need further assistance.

    Sincerely yours,
    Yasen
    the Telerik team

    Instantly find answers to your questions at the new Telerik Support Center
  3. Jason
    Jason avatar
    31 posts
    Registered:
    07 Nov 2007
    07 Dec 2007
    Link to this post
    Thank you again Yasen,

    This is what I have in place and at present users in this group can log in and administer the site, however, a couple things I noticed that I wanted to address.

    Firstly, if a domain user who is NOT in the AD group associated with Unrestricted access logs into the Admin, rather then being denied, they receive a 403 page stating the page cannot be served.  I would like them to either be denied or just be givine None access.

    I attempted this by adding a definition to the roles section so that all domain users are given None access, and then the users in the AD group website, would be given Unrestricted.  So my <roles> section looked as follows:
               <roles>
                    <clear />
                    <add name="globalGroup" permission="None" />
                    <add name="website" permission="Unrestricted" />
                </roles>

    Unfortunetly, giving a valid domain logon, but not being in the website group raises  a Error 403.  Additionally, when I login, I can see every user in our AD, is there anyway to filter this to ONLY see users with access to the system.

    Thanks in advance,

    Jason
  4. Yasen
    Yasen avatar
    121 posts
    Registered:
    18 May 2013
    10 Dec 2007
    Link to this post
    Hi Jason,

    In order to allow users in the administration, but restrict them from viewing/modifying any secured part of Sitefinity, you should give them the CMS Access global permission (from the "global permissions" section). Actually, permission="None" does nothing, only "unrestricted" permissions are processed by Sitefinity. I think what you are trying to do is achievable by using the "Everyone" role that actually represents all authenticated users.

    In short, if you give the CMS Access permission to the Everyone role, the users will be able to enter the administration. In your case, you may want to use the globalGroup.

    Kind regards,
    Yasen
    the Telerik team

    Instantly find answers to your questions at the new Telerik Support Center
Register for webinar
4 posts, 0 answered