+1-888-365-2779
Try Now
More in this section

Forums / General Discussions / Active directory and permissions

Active directory and permissions

5 posts, 0 answered
  1. Zyad Rujeedawa
    Zyad Rujeedawa avatar
    31 posts
    Registered:
    18 Feb 2010
    06 Sep 2011
    Link to this post
    Hi,

    My users need to acces my sitefinity extranet via an AD login, so that there is a single sign on, once they logon their machines.
    I then need to be able to give permissions to specific groups within sitefinity, so that some pages are secured.

    What's the best way to set this up, assuming that I can have a batch that feeds my sitefinity user database from the AD users.

    Thanks.
  2. Stanislav Velikov
    Stanislav Velikov avatar
    1113 posts
    Registered:
    08 Dec 2016
    08 Sep 2011
    Link to this post
    Hello Zyad,

    I have attached a document describing how to add Ldap users to sitefinity, for more information you can refer to the documentation on this topic.

    When your user can access sitefinity backend you can create a role(Administration->Roles) for them that will grant certain permissions over the bakend modules.

    Regards,
    Stanislav Velikov
    the Telerik team

    Thank you for being the most amazing .NET community! Your unfailing support is what helps us charge forward! We'd appreciate your vote for Telerik in this year's DevProConnections Awards. We are competing in mind-blowing 20 categories and every vote counts! VOTE for Telerik NOW >>

  3. Tony
    Tony avatar
    20 posts
    Registered:
    12 Oct 2012
    07 Jan 2013 in reply to Stanislav Velikov
    Link to this post
    Can you help me with any troubleshooting steps?  I've followed all of the guides I can find, including the one you posted here which I found contained useful examples, and I've tried multiple things.  I can query ldap with ldp.exe using the same server.. I'm using my credentials so I know they're valid and have proper permissions.  Using ldp.exe I've verified my distinguished name for the accounts directory.. my settings are all very similar to yours, I have nothing just outrageous..  And they're similar to working solutions I have in place.  I'm just not sure what I can be missing.  This is all in a test environment running off VS2010's web server.  My user list just never increases but there should be thousands populated from the size of our domain when pointed to our \Accounts\Employees OU like I have it. 
  4. Rashmiranjan
    Rashmiranjan avatar
    2 posts
    Registered:
    10 Jan 2014
    26 Mar 2014
    Link to this post

    Hello Stanislav,

    I'm using Sitefinity version 6.3.5000.0 with visual studio 2013 ultimate for development. I've tried with active directory integration with sitefinity for a project. I added all AD settings in sitefinity settings and AD is connected to sitefinity. My concern is to get the backend access to the AD users. I followed sitefinity documentation and your steps in screencast and I'm sorry to say I ended up with nothing. Your steps in screencast is not in Sitefinity version 6.3.5000 and you've used visual studio 2010 IIS Express to enable NTLM Authentication. I did the same, changing in web.config and applicationhost.config file in IIS Express. Still I'm getting the error. If you reply to this post soon with detailed steps, it'd be great as it's in the middle of the development.

     

    Thanks. 

  5. Stefani Tacheva
    Stefani Tacheva avatar
    718 posts
    Registered:
    06 Dec 2016
    31 Mar 2014
    Link to this post
    Hello,

    First of all you need to make sure that you have configured LDAP. The dropdown should be available in the login screen of the backend and in the user section under LDAP provider.

    Furthermore, all configurations from the following article should be applied.

    http://www.sitefinity.com/documentation/documentationarticles/setting-up-sso-with-windows-authentication

    Configurations and additional information:

    Web.config file STS:

    <add key="http://www.yoursite.com/" value="34BCAA7ADAFA93790C6B48D86AE3E447462786419266AA26D01E50382157793D" />

    Where URL: http://www.yoursite.com/ should be the URL of your web site.

    Web.config file:


    <wsFederation passiveRedirectEnabled="true" issuer="http://STSsite.com/mysts.ashx" realm="http://localhost" requireHttps="false" />

    Where http://STSsite.com/mysts.ashx
    should be the address of your STS server. If you request the address you should get a line stating that this is a Security Token Service.

    SecurityConfig.config file:
    securityTokenIssuers>
    <add key="34BCAA7ADAFA93790C6B48D86AE3E447462786419266AA26D01E50382157793D" encoding="Hexadecimal" membershipProvider="Default" realm="http://localhost" />
    <add key="34BCAA7ADAFA93790C6B48D86AE3E447462786419266AA26D01E50382157793D" encoding="Hexadecimal" membershipProvider="LdapUsers" realm="http://STSsite.com/mysts.ashx" />
    </securityTokenIssuers>
    <relyingParties>
        <add key="34BCAA7ADAFA93790C6B48D86AE3E447462786419266AA26D01E50382157793D" encoding="Hexadecimal" realm="http://localhost" />

    Furthermore, you need to make sure that IIS configurations for STS site are correct.

    In IIS Manager, select the STS site.
    In section IIS on the right, double-click Authentication.
    Choose one of the following authentication types and set it in IIS:

    • If all computers that are used to authenticate in Sitefinity are part of the domain, enable Windows Authentication and disable all others.
    • If there are computers that are not part of the domain and that are used for authentication, enable Basic Authentication and disable all others. You could turn https on for this site to protect the transferred credentials.

    Regards,
    Stefani Tacheva
    Telerik
     
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Sitefinity CMS Ideas&Feedback Portal and vote to affect the priority of the items
     
5 posts, 0 answered