1-888-365-2779
+1-888-365-2779
Try Now
More in this section

Forums / General Discussions / Turn On Active Directory

Turn On Active Directory

25 posts, 0 answered
  1. Philip Senechal
    Philip Senechal avatar
    69 posts
    Registered:
    07 Apr 2008
    17 Dec 2010
    Link to this post
    I believe I have Active Directory setup correctly...I can see users and roles in the Administration area.

    What I can't seem to figure out now is how to turn on pass-through authentication and have Sitefinity recognize it. Obviously in IIS I have to switch to Windows Authentication only, but what do I have to do in Sitefinity to have it accept that authentication and log users in automatically? Thanks.
  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    17 Dec 2010
    Link to this post
    Hello Philip,

    Sitefinity relies on FormsAuthentication and we require generating  FormsAuthenticationTicket. Basically you cannot use directly the way of windows authentication. We have LDAP provider for AD which is just a membership provider that Sitefinity uses as an acceptor to get data for your user and roles. Possible solution would be to authenticate the users through service call once they get logged in by using a console application. You can take a look at this post


    Regards,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Philip Senechal
    Philip Senechal avatar
    69 posts
    Registered:
    07 Apr 2008
    17 Dec 2010
    Link to this post
    Hi Ivan,

    Thanks for the reply. So this sounds like a complete departure from the model in 3.7. In our current 3.7 implementation, we're using Windows Authentication and passing the credentials directly to Sitefinity which is using AD as it's membership/role provider. Here is some of the code from the current web.config that implements that solution:

    connection string...
    <add name="ADService" connectionString="LDAP://windc1/DC=domain,DC=com" />

    role manager and membership provider...
    <roleManager enabled="true" cacheRolesInCookie="true" defaultProvider="Sitefinity">
      <providers>
        <clear />
        <add name="Sitefinity" applicationName="/" description="Telerik Role Provider for Active Directory" authenticationType="Secure" userSearchFilter="(&(sAMAccountType=805306368)(sAMAccountName={0}))" roleSearchFilter="(&(objectClass=group)(sAMAccountName={0}))" userDefinitionFilter="sAMAccountType=805306368" groupDefinitionFilter="(objectClass=group)" connectionStringName="ADService" type="Telerik.Security.ActiveDirectory.TelerikADRoleProvider, Telerik.Security" connectionUsername="tagwsadm" connectionPassword="crystal0" groupMaps="Administrators, Domain Admins, EIS, IT_U-TAG, Domain Users" domainName="DOMAIN" searchScope="subtree" />
      </providers>
    </roleManager>
    <membership defaultProvider="Sitefinity" userIsOnlineTimeWindow="15" hashAlgorithmType="">
      <providers>
        <clear />
        <add name="Sitefinity" connectionStringName="ADService" enableSearchMethods="true" attributeMapUsername="sAMAccountName" connectionUsername="username" connectionPassword="password" type="Telerik.Security.ActiveDirectory.TelerikADMembershipProvider, Telerik.Security" />
      </providers>
    </membership>

    and the security provider that sets the membership and role provider to AD and puts a couple AD groups into the unrestricted group
    <security defaultProvider="DefaultSecurityProvider" cmsProvidersName="Sitefinity">
      <roles>
        <clear />
        <add name="EIS" permission="Unrestricted" />
        <add name="IT_U-TAG" permission="Unrestricted" />
        <add name="Administrators" permission="Unrestricted" />
      </roles>
      <providers>
        <clear />
        <add name="DefaultSecurityProvider" connectionStringName="DefaultConnection" type="Telerik.Security.Data.DefaultSecurityProvider, Telerik.Security.Data" membershipProvider="Sitefinity" roleProvider="Sitefinity" />
      </providers>
    </security>


    Is this model not available in Sitefinity 4 for us to use anymore? I hope it is because it would be a complete deal breaker for our company if we can't do this and we'll have to cancel our subscription and find a different solution. Sitefinity is used for our intranet and having pass-through Windows authentication is an absolute requirement that the higher ups will not let us go without. We are a single sign-on company for everything.

    Please let me know what our options are...I recommended Sitefinity to my company and we need to know if we are going to be stuck on v3.7 because of this. Thanks.
  4. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    20 Dec 2010
    Link to this post
    Hi Philip,

    Actually your configuration snippets just show AD setup in Sitefinity 3.x. You can use Active Directory with Sitefinity 4.0 in the same way that this works in 3.x versions. In 3.x and 4.0 we do not provider an option for SSO out of the box.

    Regards,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  5. Philip Senechal
    Philip Senechal avatar
    69 posts
    Registered:
    07 Apr 2008
    20 Dec 2010
    Link to this post
    Hi Ivan,

    Thanks for the reply.

    If the setup we're currently using in Sitefinity 3.x can be applied to Sitefinity 4.0, can you guide me on where to place the configuration as the web.xml has changed and some of the groupings are no longer available.

    This piece of code:
    <security defaultProvider="DefaultSecurityProvider" cmsProvidersName="Sitefinity">
      <roles>
        <clear />
        <add name="EIS" permission="Unrestricted" />
        <add name="IT_U-TAG" permission="Unrestricted" />
        <add name="Administrators" permission="Unrestricted" />
      </roles>
      <providers>
        <clear />
        <add name="DefaultSecurityProvider" connectionStringName="DefaultConnection" type="Telerik.Security.Data.DefaultSecurityProvider, Telerik.Security.Data" membershipProvider="Sitefinity" roleProvider="Sitefinity" />
      </providers>
    </security>

    is currently under <configuration><telerik>, but there is no longer a <telerik> section in web.xml.
    should this now go under <securityconfig><securityproviders> in SecurityConfig.xml?

    Should I put my Active Directory connection string in DataConfig.xml or should that stay in web.xml?

    The role manager and membership providers are currently under system.web in web.xml. I see in 4.0 that the membership provider is still in web.xml under system.web, but the role manager is not present at all. Is it okay to add the role manager to system.web as well as my membership provider?

    Thanks for the info...hopefully we can get this working.
  6. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    20 Dec 2010
    Link to this post
    Hi Philip,

    In Sitefinity 4.0 you have to configure the AD provider from Sitefinity/Administration/Settings/Advanced
     and then go to Security >> LDAP Settings.



    Best wishes,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  7. Philip Senechal
    Philip Senechal avatar
    69 posts
    Registered:
    07 Apr 2008
    20 Dec 2010
    Link to this post
    I've done that part already...

    If you look at ldap1, ldap2, ldap3 images attached, you can see that I've configured the LDAP connection and enabled the role and membership providers. This works as I can assign my AD roles and users to permissions.

    I'm assuming that to use AD as my security provider, I have to add an entry into Security Providers as seen in ldap4 image? Is that correct?

    So...I'm connecting to me AD server, I just need to make it the default membership and role providers which was in the <configuration><telerik> section of the web.xml before that no longer exists.

    Can you help me figure out how to get those settings into 4.0 either through one of the xml files or the Administrative area? Thanks.
  8. Bob
    Bob avatar
    330 posts
    Registered:
    30 Dec 2016
    21 Dec 2010
    Link to this post
    Hi Philip,

    Sorry for the confusion. It seems there has been some misunderstanding on both sides in the communication.

    Windows authentication is not yet supported in v4.0. Since the usage of this feature is quite limited, it is with low priority for the time being. I will try to raise the priority of this task. We are definitely going to support it, but unfortunately I cannot give you a time frame immediately.

    Regards,

    Bob
    the Telerik team

     

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  9. Keivan Kechmiri
    Keivan Kechmiri avatar
    38 posts
    Registered:
    16 Aug 2009
    21 Dec 2010
    Link to this post
    Hi

    I'm also in desperate need of Windows Authentication, please raise the priority!

    /Keivan
  10. Philip Senechal
    Philip Senechal avatar
    69 posts
    Registered:
    07 Apr 2008
    21 Dec 2010
    Link to this post
    Hi Bob,

    Thanks for the information...I'm glad I'm not going crazy in trying to figure out how to make that work =)

    I know you can't really give me a time frame, but do you know at least if it's something that's going to be included with the official release next year or added as an additional feature at a later time? I have a deadline of 3/31/2011 to launch and if it's going to be a possibility for at least sometime in Q1, I'll continue with my 4.0 development, otherwise I'll have to drop back down to 3.7.

    Thanks.
  11. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    22 Dec 2010
    Link to this post
    Hello Philip,

    Most probably we will have this feature for the official release scheduled in the middle of January. We implemented it locally, but we have to test the implementation and perform some bug fixing if there are any issues.

    Regards,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  12. Keivan Kechmiri
    Keivan Kechmiri avatar
    38 posts
    Registered:
    16 Aug 2009
    06 Jan 2011
    Link to this post
    Any more info about Windows Authentication, is it in RC2 or will it be available in RTM?

    /Keivan
  13. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    06 Jan 2011
    Link to this post
    Hello Philip,

    The implementation is not completed. I will update the post with some more information when you will be able to try the WindowsAuthentication.

    Greetings,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  14. Pradeep
    Pradeep avatar
    2 posts
    Registered:
    19 Oct 2010
    17 Jan 2011
    Link to this post
    Can AnyOne Help me with the Skins. My application is garded by single Sign-On. If I apply SSo to my application the skins for the radcontrols ant applying. Please guid me in this.

    Thanks
  15. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    18 Jan 2011
    Link to this post
    Hi David,

    Could you check whether all resources are loaded? There should not be a problem with SSO.  Can you provide some more details that will help us to narrow down the issue you have?

    All the best,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  16. Pradeep
    Pradeep avatar
    2 posts
    Registered:
    19 Oct 2010
    24 Jan 2011
    Link to this post
    I got this issue resolved. That was an IIS Issue and below are the steps for resolving it. Thanks for your reply Ivan.......

    Here’s the solution:

    http://forums.asp.net/p/1040236/3272631.aspx

    This one is a bit old, but it still applies to those who use SiteMinder (CA Netegrity) if you are having this problem. If this is already answered elsewhere in this thread sorry for the repeat in advance.

    Our problem manifested not as a "Sys" problem, but just that everything that was AJAX based didn't appear which, in our case, was about 70% of the information provided by our site. Not a good thing. A check of the weblogs showed every single call to an .axd file was returned as a 404 error. We turned off Siteminder and tried again and everything worked fine.

    What Blue Coat wrote in the article is correct, but you don't need to add the two empty files. As stated elsewhere it does work but it doesn't address the root of the problem. To make Siteminder stop blocking it:

    1. Go into your IIS Manager and right-click the root of your site and select Properties.
    2. Under Home Directory, click Configuration. 
    3. There should be a Wildcard entry for ISAPI6WebAgentDLL there (we are using CA Siteminder v6.xx so its there for us). Highlight it and click Edit.
    4. Make sure the checkbox for Verify that file exists is unchecked.
    5. Click through on OK.

    I was pulling my hair out trying to figure this one out, we were standing up a new server and everything mirrored the old one yet SSO worked on the old and not on the new. After a couple days of working with the helpdesk found out that the updated installation documentation we were provided omitted that fact to ensure you uncheck that checkbox, the older documentation we used to install on the old server had it. By default, when adding a Wildcard Mapping that checkbox is checked.


    Thans for you replies.... Thinking this would help others.......

    Thanks.

  17. Keivan Kechmiri
    Keivan Kechmiri avatar
    38 posts
    Registered:
    16 Aug 2009
    08 Apr 2011
    Link to this post
    Any news? Is Windows Authentication implemented?
  18. Georgi
    Georgi avatar
    3583 posts
    Registered:
    28 Oct 2016
    10 Apr 2011
    Link to this post
    Hi Keivan Kechmiri,

    Yes, Windows Authentication has been implemented. 
    There are currently issues with the concurrent users though - since you authenticate automatically, once you reach the users limit, all the other users will be authenticated as anonymous. We will improve this with 4.2 (Q2) release - if the users are authenticated but they do not enter the backend, they will not be counted as concurrent.

    Kind regards,
    Georgi
    the Telerik team

  19. Zyad Rujeedawa
    Zyad Rujeedawa avatar
    31 posts
    Registered:
    18 Feb 2010
    06 Sep 2011
    Link to this post
    Hello,

    Has those issues been adressed ?

    Zyad
  20. Georgi
    Georgi avatar
    3583 posts
    Registered:
    28 Oct 2016
    12 Sep 2011
    Link to this post
    Hello Zyad,

    These issues haven't been resolved yet. The technical challenges there turned out to be big, but we are still looking forward in resolving them.

    All the best,
    Georgi
    the Telerik team

    Thank you for being the most amazing .NET community! Your unfailing support is what helps us charge forward! We'd appreciate your vote for Telerik in this year's DevProConnections Awards. We are competing in mind-blowing 20 categories and every vote counts! VOTE for Telerik NOW >>

  21. Stephane
    Stephane avatar
    2 posts
    Registered:
    16 Feb 2011
    04 Jan 2012
    Link to this post
    Is this working properly in SF4.4 ?
  22. Georgi
    Georgi avatar
    3583 posts
    Registered:
    28 Oct 2016
    05 Jan 2012
    Link to this post
    Hello Stephane,

    Our tentative plan is to include this feature in 5.0 in February. 

    All the best,
    Georgi
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  23. Scott Bradley
    Scott Bradley avatar
    27 posts
    Registered:
    20 Jan 2010
    13 Apr 2012
    Link to this post
    What is the status of this.  I very much would like to interface with Active Directory, ideally windows auth as well.  Is there a tutorial or sample out there I can see?  Thanks.
  24. Scott Bradley
    Scott Bradley avatar
    27 posts
    Registered:
    20 Jan 2010
    13 Apr 2012
    Link to this post
    Sorry, duplicate post.  Please delete this.
  25. Scott Bradley
    Scott Bradley avatar
    27 posts
    Registered:
    20 Jan 2010
    16 Apr 2012
    Link to this post
    Is there documentation or a tutorial for how to do this?  I'm really struggling with this as well.  Is it forms auth that taps into AD or is it truly windows auth?  I am trying to tie the content management to users based on role in Active Directory, but have the site viewable to all.
25 posts, 0 answered