
Struggling with AD integration

9 posts, 0 answered
  1. matt Sword
    22 posts
    Registered:
    17 Mar 2010
    29 Mar 2010
    I know there are a few posts about AD integration, but I can't seem to get it working. I keep getting the following error after attempting to log in.
    "The Active Directory Membership Provider has not been initialized."
    Line 27: void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    Line 28: {
    Line 29:     e.Authenticated = UserManager.Default.ValidateUser(this.Login1.UserName, this.Login1.Password);
    Line 30: }

    Any help is appreciated.

    // My Connection String
    <add name="ADService" connectionString="LDAP://domain.local/" />

    // Role Provider
    <add name="Sitefinity"
         applicationName="/"
         description="Telerik Role provider for Active Directory"
         connectionStringName="ADService"
         type="Telerik.Security.ActiveDirectory.TelerikADRoleProvider, Telerik.Security"
         connectionUsername="domain\user"
         connectionPassword="password"
         groupMaps="Domain Admins, Users"
         domainName="domain.local"
         searchScope="subtree" />

    // Membership Provider
    <add name="Sitefinity"
         connectionStringName="ADService"
         attributeMapUsername="userPrincipalName"
         connectionUsername="domain\user"
         connectionPassword="password"
         type="Telerik.Security.ActiveDirectory.TelerikADMembershipProvider, Telerik.Security" />

    <security defaultProvider="DefaultSecurityProvider" cmsProvidersName="Sitefinity">
        <roles>
            <clear/>
            <add name="Domain Admins" permission="Unrestricted"/>
        </roles>
        <providers>
            <clear/>
            <add name="DefaultSecurityProvider" connectionStringName="DefaultConnection" type="Telerik.Security.Data.DefaultSecurityProvider, Telerik.Security.Data" membershipProvider="Sitefinity" roleProvider="Sitefinity"/>
        </providers>
    </security>


    thanks Matt
  2. Ivan Dimitrov
    16072 posts
    Registered:
    25 Nov 2016
    29 Mar 2010
    Hi matt Sword,

    Try using attributeMapUsername="sAMAccountName".

    Kind regards,
    Ivan Dimitrov
    the Telerik team

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
  3. matt Sword
    22 posts
    Registered:
    17 Mar 2010
    29 Mar 2010
    I'm sorry Ivan, I still receive the same error. I watched the webcast of AD integration earlier and that was the first thing I tried.
    regards
    Matt

    I just refreshed my page and received this error
    [COMException (0x80005000): Unknown error (0x80005000)]
       System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +377678
       System.DirectoryServices.DirectoryEntry.Bind() +36
       System.DirectoryServices.DirectoryEntry.get_AdsObject() +31
       System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) +78
       System.DirectoryServices.DirectorySearcher.FindOne() +47
       Telerik.Security.ActiveDirectory.TelerikADRoleProvider.GetRolesForUser(String user) +945
       System.Web.Security.RolePrincipal.GetRoles() +158
       Telerik.Security.Permissions.ApplicationPermission.CheckDemand() +222
       Telerik.Cms.Web.CmsHttpModule.PostAuthenticateAdminRequest(Boolean isAuthenticated, CmsHttpRequest request) +47
       Telerik.Cms.Web.CmsHttpModule.context_PostAuthenticateRequest(Object sender, EventArgs e) +745
       System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +68
       System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75
    
  4. Ivan Dimitrov
    16072 posts
    Registered:
    25 Nov 2016
    30 Mar 2010
    Hi matt Sword,

    The problem seems to be related to your AD setup. The DirectoryServices.DirectoryEntry.Bind tries to check whether there is a user in your AD groups. The DirectoryEntry class encapsulates a node or object in the Active Directory Domain Services hierarchy.
    You could also take a look at this Microsoft KB article that explains the problem you have:

    Error That You May Receive If You Do Not Have a Primary Token

    If the code works when you browse to it from the development machine that is a Web server, but the code does not work when other Web clients access the pages, you may receive an error message that is similar to one of the following:
    "Failed: System.Runtime.InteropServices.COMException (0x80005000): Unknown error (0x80005000) at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)"



    Greetings,
    Ivan Dimitrov
    the Telerik team

  5. matt Sword
    22 posts
    Registered:
    17 Mar 2010
    30 Mar 2010
    Thanks Ivan. I'll look into it.
  6. matt Sword
    22 posts
    Registered:
    17 Mar 2010
    30 Mar 2010
    Well, I did get a different error now after fixing the "Double Hop". However, it appears my role provider is not getting initialized.
    The Active Directory Membership Provider has not been initialized.

    Any ideas what causes this? This is my configuration. I'm also reading this, but nothing is jumping out at me. Usernames and passwords are correct, because I'm trying to log into AD with my credentials.
    http://msdn.microsoft.com/en-us/library/system.web.security.activedirectorymembershipprovider.validateuser.aspx

    According to the link above, the user has to exist in the container in the connection string, so instead of doing ldap://domain.local/
    I put ldap://domain.local/OU=Domain, DC=Domain, DC=local

    The login doesn't return any response. It doesn't fail nor pass.

    <roleManager enabled="true" cacheRolesInCookie="true" defaultProvider="Sitefinity">
        <providers>
            <clear/>
            <!--<add connectionStringName="DefaultConnection" applicationName="/" name="Sitefinity" type="Telerik.DataAccess.AspnetProviders.TelerikRoleProvider, Telerik.DataAccess"/>-->
            <add name="Sitefinity"
                 applicationName="/"
                 description="Telerik Role provider for Active Directory"
                 connectionStringName="ADService"
                 type="Telerik.Security.ActiveDirectory.TelerikADRoleProvider, Telerik.Security"
                 connectionUsername="username"
                 connectionPassword="password"
                 groupMaps="Domain Admins, Users"
                 domainName="domain.local"
                 searchScope="subtree" />
        </providers>
    </roleManager>
  7. Ivan Dimitrov
    16072 posts
    Registered:
    25 Nov 2016
    30 Mar 2010
    Hello matt Sword,

    Can you send the full stack of the error?

    Greetings,
    Ivan Dimitrov
    the Telerik team

  8. matt Sword
    22 posts
    Registered:
    17 Mar 2010
    30 Mar 2010
    Ivan,

    this is what I have done thus far.
    1. made IIS run under a domain account
    2. changed my authentication to forms // based on video and documentation, it doesn't say to change to windows
    3. changed my web.config domain username/password different than the one I'm logging in with.

    Based on something from Microsoft:
    The user must exist in the container specified in the connection string. Valid credentials are supplied for a user account located in a different container or in a different domain. The user must exist in the container specified in the connection string.

    When validating a user, the provider validates the credentials by connecting to the Active Directory data store using the specified user name and password, not the credentials configured in the application configuration file.


    If I change auth to windows, I get no response back after attempting to login, but if I leave it as forms I get this message which suggests I'm getting further.  thanks Matt

    [NotSupportedException: The Active Directory membership provider has not been configured to support search methods.]
       System.Web.Security.ActiveDirectoryMembershipProvider.FindUsersByName(String usernameToMatch, Int32 pageIndex, Int32 pageSize, Int32& totalRecords) +1927621
       System.Web.Security.ActiveDirectoryMembershipProvider.GetAllUsers(Int32 pageIndex, Int32 pageSize, Int32& totalRecords) +52
       Telerik.Security.UserManager.GetAllUsers(Int32 from, Int32 maxRows, String sortExpr, Int32& totalRows) +1201
       Telerik.Security.WebControls.UsersInTrayInfo.GetItems(Int32 count) +56
       Telerik.Cms.Web.UI.InTrayBox.CreateChildControls(IEnumerable dataSource, Boolean dataBinding) +142
       System.Web.UI.WebControls.CompositeDataBoundControl.PerformDataBinding(IEnumerable data) +57
       System.Web.UI.WebControls.DataBoundControl.OnDataSourceViewSelectCallback(IEnumerable data) +114
       System.Web.UI.DataSourceView.Select(DataSourceSelectArguments arguments, DataSourceViewSelectCallback callback) +31
       System.Web.UI.WebControls.DataBoundControl.PerformSelect() +142
       System.Web.UI.WebControls.BaseDataBoundControl.DataBind() +73
       Admin_Default.Page_Load(Object sender, EventArgs e) in c:\Program Files\telerik\Sitefinity3.7\WebSites\myBlank\Sitefinity\Admin\Default.aspx.cs:221
       System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
       System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
       System.Web.UI.Control.OnLoad(EventArgs e) +99
       Telerik.Cms.Web.CmsPageBase.OnLoad(EventArgs e) +55
       Telerik.Cms.Web.AdminPage.OnLoad(EventArgs e) +20
       Admin_Default.OnLoad(EventArgs e) in c:\Program Files\telerik\Sitefinity3.7\WebSites\myBlank\Sitefinity\Admin\Default.aspx.cs:69
       System.Web.UI.Control.LoadRecursive() +50
       System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +627
    

    System.NotSupportedException: The Active Directory membership provider has not been configured to support search methods.
  9. matt Sword
    22 posts
    Registered:
    17 Mar 2010
    30 Mar 2010
    Oh wait. I just found a clue
    enableSearchMethods="true"

    Voilà!
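
Added example, not part of the original thread or Telerik's code: a small Python check over a web.config fragment for the membership-provider settings this thread turned on (enableSearchMethods, attributeMapUsername, the LDAP connection string) and for how the bind credentials are stored. The sample XML is constructed from the posted settings; the `<membership>` wrapper, the `audit` function and the finding names are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the settings posted in the thread; the
# <membership> wrapper and defaultProvider value are assumptions.
SAMPLE = r"""<configuration>
  <connectionStrings>
    <add name="ADService" connectionString="LDAP://domain.local/" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="Sitefinity">
      <providers>
        <add name="Sitefinity" connectionStringName="ADService"
             attributeMapUsername="userPrincipalName"
             connectionUsername="domain\user" connectionPassword="password"
             type="Telerik.Security.ActiveDirectory.TelerikADMembershipProvider, Telerik.Security" />
      </providers>
    </membership>
  </system.web>
</configuration>"""

AD_TYPES = ("ActiveDirectoryMembershipProvider", "TelerikADMembershipProvider")

def audit(config_xml):
    """Return a list of finding codes for the AD membership provider entries."""
    root = ET.fromstring(config_xml)
    conn = {c.get("name"): c.get("connectionString", "")
            for c in root.findall("connectionStrings/add")}
    findings = []
    for membership in root.iter("membership"):
        for p in membership.findall("providers/add"):
            if not any(t in p.get("type", "") for t in AD_TYPES):
                continue
            path = conn.get(p.get("connectionStringName"))
            if path is None:
                findings.append("connection-string-not-found")
            elif not path.startswith("LDAP://"):  # ADSI provider name is case-sensitive
                findings.append("adsi-scheme-not-uppercase")
            # Default is false; GetAllUsers/FindUsersByName then throw NotSupportedException.
            if p.get("enableSearchMethods", "false").lower() != "true":
                findings.append("search-methods-disabled")
            if p.get("attributeMapUsername", "userPrincipalName") not in (
                    "userPrincipalName", "sAMAccountName"):
                findings.append("unsupported-username-attribute")
            if p.get("connectionProtection", "Secure").lower() == "none":
                findings.append("connection-protection-none")
            if p.get("connectionPassword"):  # service-account secret in plain text
                findings.append("cleartext-connection-password")
    return findings
```

On the constructed sample, `audit(SAMPLE)` reports the disabled search methods that produced the last stack trace in the thread, plus the service-account password stored in clear text in web.config.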