+1-888-365-2779
Try Now
More in this section

Forums / Set-up & Installation / Active Directory Integration

Active Directory Integration

6 posts, 1 answered
  1. Cameron
    Cameron avatar
    42 posts
    Registered:
    27 Jul 2009
    13 Jan 2010
    Link to this post
    Hi! I've been pulling my hair out trying to get Sitefinity working with AD. I've looked through all of the posts and KB articles with no luck. Is there still no complete working sample web.config available or at least complete step-by-step tutorial?

    I've looked at:
    http://www.sitefinity.com/support/kb/sitefinity-3-x/working-with-multiple-membership-and-role-providers.aspx
    http://www.sitefinity.com/support/forums/sitefinity-3-x/set-up-installation/active-directory-directory-service-unavailable.aspx
    among others.

    At one point, I got to where logging in using a valid AD account resulted in something someone else had gotten: This type of page can not be displayed error. At least that showed me that it was authenticating against the AD.

    I then tried implementing the steps that are in the first link above and then I eventually get to the point where no login works at all. Doesn't matter what user or groups it may belong to.

    Anyone available to provide some guidance?

    THANK YOU!
  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    13 Jan 2010
    Link to this post
    Hi Michael Buchsbaum,

    It seems that your AD users does not have permissions to access the backend. Could you switch the AD with the Sitefinity one just for a while and grant AD provider with needed permissions to access at least the backend. You ca do this from Administration >> Permissions.

    All the best,
    Ivan Dimitrov
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Watch a video on how to optimize your support resource searches and check out more tips on the blogs.
  3. Cameron
    Cameron avatar
    42 posts
    Registered:
    27 Jul 2009
    14 Jan 2010
    Link to this post
    Ivan, thank you for that suggestion. I created a new sample site so I could get back in and start fresh. With the changes I have made, I am now able to see more than I could before. Here's my current breakdown:

    - I have a Windows Active Directory group called PortalAdmins with one user in it (mbuchsbaum)

    - When I look at the User list in Sitefinity, under the Sitefinity ActiveDirectory provider, I can see every user in the Windows Active Directory

    - Under the Users by Role link I see the one user, mbuchsbaum, who is in that Windows Active Directory group

    - In Permissions, the Sitefinity Provider has roles Administrator and Everyone - both have CMS Access Allow checked
    - In Permissions, the ActiveDirectory Provicer has roles PortalAdmins and Everyone - both have CMS Access Allow checked

    The only user account able to login to Sitefinity however is the local Sitefinity user Admin. None of the Windows accounts, including the mbuchsbaum user are able to login. So it seems somewhere Sitefinity is now not looking to the Windows Active Directory for authentication. Can you tell me which membership or security section of the config file to check?

    Thanks for your help,
    Michael

  4. Cameron
    Cameron avatar
    42 posts
    Registered:
    27 Jul 2009
    14 Jan 2010
    Link to this post
    Here's some of what I think are the relevant code lines - maybe someone can help :)

     <connectionStrings> 
        <add name="Sitefinity" connectionString="Data Source=.\SQLExpress;Integrated Security=True;User Instance=True;AttachDBFilename=|DataDirectory|Sitefinity.mdf" 
          providerName="System.Data.SqlClient" /> 
            <add name="ActiveDirectory" connectionString="LDAP://changedfordisplay:389/dc=mycomp,dc=com" /> 
      </connectionStrings> 
     
     <roleManager enabled="true" cacheRolesInCookie="true" defaultProvider="ActiveDirectory">  
          <providers> 
            <clear /> 
     <add  
                    name = "ActiveDirectory" 
                    connectionStringName = "ActiveDirectory" 
                    connectionUsername = "testuser" 
                    connectionPassword = "testpass" 
                    groupMaps = "PortalAdmins" 
                    type = "Telerik.Security.ActiveDirectory.TelerikADRoleProvider, Telerik.Security" 
       /> 
            <add connectionStringName="DefaultConnection" applicationName="/" 
              name="Sitefinity" type="Telerik.DataAccess.AspnetProviders.TelerikRoleProvider, Telerik.DataAccess" /> 
          </providers> 
        </roleManager> 
     
    <membership defaultProvider="Sitefinity" userIsOnlineTimeWindow="15" hashAlgorithmType="">  
          <providers> 
            <clear /> 
            <add name="Sitefinity" connectionStringName="DefaultConnection" type="Telerik.DataAccess.AspnetProviders.TelerikMembershipProvider, Telerik.DataAccess" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" passwordStrengthRegularExpression="" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" /> 
        <add name="ActiveDirectory" connectionStringName="ActiveDirectory" enableSearchMethods="true" attributeMapUsername="sAMAccountName" connectionUsername="testuser" connectionPassword="testpass" type="Telerik.Security.ActiveDirectory.TelerikADMembershipProvider, Telerik.Security"/>  
          </providers> 
        </membership> 
     
     <profile defaultProvider="Sitefinity">  
          <providers> 
            <clear /> 
            <add name="Sitefinity" connectionStringName="DefaultConnection" applicationName="/" type="Telerik.DataAccess.AspnetProviders.TelerikProfileProvider, Telerik.DataAccess" /> 
                
          </providers> 
     
     

    Again, I can see all of the Windows AD users, but can't login to Sitefinity as anything other than the original Sitefinity admin user.
  5. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    14 Jan 2010
    Link to this post
    Hello Michael Buchsbaum,

    For the backend you may use only one provider. Please make sure that you have set Sitefinity backend to use your AD provider as shown below

    web.config

    <security defaultProvider="DefaultSecurityProvider" cmsProvidersName="ActiveDirectory">
        <roles>
        <clear/>
            <add name="Administrators" permission="Unrestricted"/> 
        </roles>


    Greetings,
    Ivan Dimitrov
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Watch a video on how to optimize your support resource searches and check out more tips on the blogs.
    Answered
  6. Cameron
    Cameron avatar
    42 posts
    Registered:
    27 Jul 2009
    15 Jan 2010
    Link to this post
    Thank you very much for your help! i finally got it working!

    The most helpful thing I came across was the webinar at http://tv.telerik.com/sitefinity/webinar/sitefinity-membership-role-providers . About half-way into the video there is a very good explanation and example of the code to use. When I commented out what the video did, and used the same provider names (for simplicity), I was able to get it to work.

    Now on to more customization....
Register for webinar
6 posts, 1 answered