Forums

Not answered Sitefinity with ActiveDirectory integration

fregas baratis Intermediate

Posted on Jan 28, 2008 (permalink)

Hi Telerik,

On the site, it says this is possible:
"Sitefinity takes full advantage of the .NET role based security by providing a powerful interface for managing users and roles. Sitefinity even allows you to use multiple membership/role providers in a single application. For example, you can implement the SQL providers to validate user credentials and manage profiles and roles as well as passwords and e-mail addresses of your registered ‘public’ users; and at the same time, you can use the Active Directory membership and role providers to grant permissions to your internal network users for the CMS backend."

I have a need to do this exact thing. I need public users and possibly other roles to be thru sql server or mysql, and all the domain users authenticated thru active directory. How would i set this up in sitefinity?

thanks,
Fregas

Reply

Matt

Posted on Jan 29, 2008 (permalink)

Ok, I'm new to Sitefinity (just started evaluating it today), but I think I might have some answers for you. We're in a similar boat, needing to use AD credentials for the administration and "other" for the public web users. You can probably use Sitefinity's built-in membership components, but, in our case, I'm going to need to integrate it with our third-party CMS. Should be loads of fun. But, for now, I have it working with AD and Sitefinity as the two authentication sources.

The documentation is really lacking in this area - I was expecting simple step-by-step instructions, since this is a feature I think plays a major role in the decision to use Sitefinity in the first place. But here's a rundown of what I did, all taken from several articles in the help.

First, add a connectionString (leave the default Sitefinity one in place). Should look like:

 <add name="ActiveDirectory" connectionString="LDAP://yourDomainName" /> 

Second, add a roleManager provider (again, leave the default alone):

<add connectionStringName="ActiveDirectory" groupMaps="ADgroup" 

          name="Active Directory" type="Telerik.Security.ActiveDirectory.TelerikADRoleProvider, Telerik.Security" /> 

Replace "ADgroup" with the name of your AD security group for Sitefinity to read. If you have multiples, separate with commas. Edit the roleManager element and set the defaultProvider="Active Directory"

Third, add a membership provider:

<add connectionStringName="ActiveDirectory" enableSearchMethods="true" 

          attributeMapUsername="sAMAccountName" connectionUsername="ADuserName" 

          connectionPassword="ADpassword" name="Active Directory" type="Telerik.Security.ActiveDirectory.TelerikADMembershipProvider, Telerik.Security" />

Replace ADuserName and ADpassword with the credentials of a user with AD access rights. If you leave these properties out, the ASP.NET account with be used, which may work just fine for you. Edit the membership element and set the defaultProvider="Active Directory"

Finally, edit the security element (under telerik), edit the cmsProvidersName="Active Directory" under the roles element, add in the group(s) you defined earlier in the roleManager step:

<add name="ADgroup" permission="Unrestricted" /> 

Replace ADgroup with the group name you used previously. Add as many as you need, with the appropriate permissions.

I *think* those are all the changes I made, but I tried so many things, I could have left something out. That should enable you to log in to the admin interface using a user account that is a member of "ADgroup."

When you drop in a login control, click edit, then the edit button. Under data -> membershipProvider, enter Sitefinity to use the Sitefinity-native authentication. Leave blank to use the default, AD in this case. That way, you web users will authenticate against Sitefinity and your admin users against AD.

If an admin user is logged in through the admin login screen and goes to a membership-required section, their credentials will be used. If they're not logged in, their AD credentials won't work on a login control set to use Sitefinity. I imagine there's a way around this, I just haven't found it yet.

Hope that gets you started....

Matt

Sonya Sonya

Posted on Jan 30, 2008 (permalink)

Hello Matt,

Thank you very much for providing this answer. Your Telerik account has been updated for making the extra effort of helping a fellow developer :)

Hello fregas baratis,

You can use the default membership and role providers for public users and the Active Directory ones for administrators to log in the CMS with their domain credentials. All you have to do is configure some settings in the web.config file.

First you have to change the default membership and role providers’ name from Sitefinity to something else, like “Public”. Then, add both Active Directory providers to the membership and role sections and name them “Sitefinity”.
Described below is the definition of the role providers. Keep in mind that you need to set the connectionUsername and connectionPassword attributes to the values for your connection. Also, the attribute groupMaps is set here just to illustrate an example of how to specify which groups from the domain to be included and processed. You could exclude it if you want to work with the whole domain. For more information, take a look at the topic Role Providers in the Developers Manual (Security -> Authorization section).:

    
            <roleManager enabled="true" cacheRolesInCookie = "true" defaultProvider = "Sitefinity"> 
        
             <providers> 
        
               <clear/> 
        
               <add 
        
                    name = "Sitefinity" 
        
                    connectionStringName = "ActiveDirectory" 
        
                    connectionUsername = "userName" 
        
                    connectionPassword = "password" 
        
                    groupMaps = "Domain group 1, Domain group 2, Domain group 3"    
        
                    type = "Telerik.Security.ActiveDirectory.TelerikADRoleProvider, Telerik.Security" 
        
               /> 
        
               <add applicationName="/"  
        
                    connectionStringName="DefaultConnection"  
        
                    name="Public"  
        
                    type="Telerik.DataAccess.AspnetProviders.TelerikRoleProvider, Telerik.DataAccess" 
        
               /> 
        
             </providers> 
        
            </roleManager>

Here, "Domain group 1", "Domain group 2" and "Domain group 3" are groups from your domain.

Following is a possible implementation of the membership providers. Keep in mind that you need to set the connectionName and connectionPassword attributes to the values for your connection.

    
            <membership defaultProvider="Sitefinity" userIsOnlineTimeWindow="15" hashAlgorithmType="">  
        
              <providers>  
        
                 <clear/>  
        
                 <add name="Public" connectionStringName="DefaultConnection" type="Telerik.DataAccess.AspnetProviders.TelerikMembershipProvider, Telerik.DataAccess" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" passwordStrengthRegularExpression="" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0"/>  
        
                 <add name="Sitefinity" connectionStringName="ActiveDirectory" enableSearchMethods="true" attributeMapUsername="sAMAccountName" connectionUsername="userName" connectionPassword="Password" type="Telerik.Security.ActiveDirectory.TelerikADMembershipProvider, Telerik.Security"/>    
        
              </providers>  
        
            </membership>

The connection string for both membership providers should be set. The Sitefinity connection string is used by the Public provider, while the ActiveDirectory connection string is used by the Sitefinity (default) provider. You need to correctly set the strings for your providers.

    
            <connectionStrings> 
        
                <add name="Sitefinity" connectionString="Data Source=.\SQLExpress;Integrated Security=True;User Instance=True;AttachDBFilename=|DataDirectory|Sitefinity.mdf" providerName="System.Data.SqlClient"/> 
        
                <add name="ActiveDirectory" connectionString="LDAP://your_domain.com"/> 
        
            </connectionStrings>

Another thing you may want to do is to give unrestricted permissions for a given domain group. To do that you have to add a line similar to this:

    
            <add name="Domain group" permission="Unrestricted"/>

The Domain group is a group from your domain.

Hope this helps. Let us know if you need further assistance.

Greetings,
Sonya
the Telerik team

Instantly find answers to your questions at the new Telerik Support Center

Matt

Posted on Jan 30, 2008 (permalink)

Thanks, Sonya. That's a much better explanation than mine :-)

Have you considered building AD integration into the GUI? It would be a great step during the site setup, right after selecting a database provider....

Reply

Sonya Sonya

Posted on Jan 31, 2008 (permalink)

Hello Matt,

Actually, we have plans to include Active Directory to the installation options. Apart from that, we plan to extend Sitefinity by setting the web.config file through the GUI. These plans, however, are not set for a specific version and we could not commit to a time frame for this functionality.

Thank you for the involvement in improving Sitefinity.

Best wishes,
Sonya
the Telerik team

Instantly find answers to your questions at the new Telerik Support Center

Reply

Erik

Posted on Apr 30, 2008 (permalink)

Sonya,

I have been able to successfully setup my config file so that my page loads with an Active Directory connection. Thanks for the excellent and clear setup instructions.

My next step in this project is to allow for the Admin page to be accessed using the Active Directory logins specified by the ldap connection string. Currently I have an organizational unit called "Employees" that contains all users that will potentially have access to the admin portion of the site. I also need to be able to allow the default "admin" username access to the admin part of the site as well. Currently with my web.config file set up exactly as you have done it in your example, I am able to load my page fine, but I am not able to login to the sitefinity admin page using any domain credential nor the admin login.

So, if you could please explain how I can enable these users to be able to log onto the system that will help me out.

Thanks a lot and appreciate the helpful instructions,

Erik

Reply

Yasen Yasen

Posted on Apr 30, 2008 (permalink)

Hi Erik,

In order to start administering Sitefinity with AD you need an Unrestricted user. By default when you create a new Sitefinity project you get the "admin" user who is member of the Administrators role, and this role has Unrestricted permissions. After that you are able to create roles and give permissions.

When working with Active Directory you start this process all over again, so first you need an "Administrators" role. To qualify a role to have unlimited rights, you have to add this to the web.config:

<add name="Any domain group" permission="Unrestricted"/>

In your case probably the "Employees" group.

Having this done, all members of this role will have Unrestricted rights, so they could enter the site and set permissions for the other roles.

If you have tried this but to no avail, probably there is another problem with membership/roles.

I hope this solves your issue. If you still have questions, just contact us and we'll be happy to answer them.

All the best,
Yasen
the Telerik team

Instantly find answers to your questions at the new Telerik Support Center

Reply

Erik

Posted on Apr 30, 2008 (permalink)

Question: Where in the web.config file do I insert that line? Under membership, or does it matter?

Also, by using Active Directory, does that bypass the users currently set up in the database for logging in? If so, is there a way to be able to use both AD and the database users at the same time?

If the above can't be accomplished, I assume that I will have to create groups in active directory and assign users to those groups to be able to assign certain permissions for sitefinity administration sections. Is this correct?

Thanks,
Erik

Reply

Erik

Posted on Apr 30, 2008 (permalink)

nevermind the first question, figured out that it goes in the security section under roles. still wondering about the other stuff though, thx

Reply

Erik

Posted on May 1, 2008 (permalink)

I know that I have my AD connection string working, but not sure why I get this error when attempting to login as my domain account into Sitefinity

Unknown error (0x80005000)

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException: Unknown error (0x80005000)

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[COMException (0x80005000): Unknown error (0x80005000)]
   System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +451
   System.DirectoryServices.DirectoryEntry.Bind() +36
   System.DirectoryServices.DirectoryEntry.get_AdsObject() +31
   System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) +73
   System.DirectoryServices.DirectorySearcher.FindOne() +42
   Telerik.Security.ActiveDirectory.TelerikADRoleProvider.GetRolesRecursive(String path, List`1 collection) +188

[COMException (0x80004005): Unknown error (0x80005000)]
   Telerik.Security.ActiveDirectory.TelerikADRoleProvider.GetRolesRecursive(String path, List`1 collection) +577
   Telerik.Security.ActiveDirectory.TelerikADRoleProvider.GetRolesForUser(String user) +459

[COMException (0x80004005): Unknown error (0x80005000)]
   Telerik.Security.ActiveDirectory.TelerikADRoleProvider.GetRolesForUser(String user) +616
   System.Web.Security.RolePrincipal.GetRoles() +250
   Telerik.Security.UserManager.GetCurrentUserRoles(String providerName) +68
   Telerik.Security.AccessPermission.CheckDemand() +292
   Telerik.Cms.Web.CmsHttpModule.context_PostAuthenticateRequest(Object sender, EventArgs e) +574
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +92
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64

Version Information: Microsoft .NET Framework Version:2.0.50727.1433; ASP.NET Version:2.0.50727.1433

I think I just need further elaboration on setting up users in AD and assigning them unrestricted access and so forth. I also think some explanation on how to correctly set up connection strings and other settings in the web.config based on how the AD is set up. Like how do you assign an organizational unit named "Employees" unrestricted access? Do you have to include the OU=employees in the ldap connection string or do you just have to name it under the security section? Maybe the better question is what is the definition of a "group" in the groupMaps property; or more specifically, is an OU (organizational unit) considered a group?

Questions like this I just need an answer to in order to more fully understand how to set this up.

Thanks,
erik

Sonya Sonya

Posted on May 9, 2008 (permalink)

Hello Erik,

Is it possible for you to upgrade to Sitefinity 3.2 - many problems have been fixed there. If it is not acceptable for you, we could provide a custom solution that includes the 3.2 functionality.

Also, please accept our apology for not including more examples for this topic. I checked your configuration file and it looks fine, except for the "Unrestricted" roles. A group for Sitefinity means any Active Directory object that could include child objects, so OU is definitely a group. In order to give the "Employees" unrestricted rights use :

<add name="Employees" permission="Unrestricted" />

in the Security => Roles section. You can remove all other add tags as their corresponding roles don't exist.

You cannot include the default users defined in the database when using the AD providers. To do so you'd have to create custom membership and role providers and gather information from both data sources.

If anything needs further clarifications feel free to contact us again.

Kind regards,
Sonya
the Telerik team

Instantly find answers to your questions at the new Telerik Support Center

Reply

Brian

Posted on Jun 4, 2008 (permalink)

Hi there,

Thank you for this helpful posting, it helped me get up and running with Active Directory on the site I am developing.

I am experiencing a new problem, however, which I would like to bring up here.

The configuration I am using has 2 providers: Public (Sitefinity database users) and Sitefinity (Active Directory).

From the login screen, I am able to log in just fine now with any of my Active Directory users. However, now it will not let me log in with my Public users. Any time I attempt to log in with my user "admin", it tells me
Your login attempt was not successful. Please try again.

Is the point of having multiple providers not to be able to log in as either a Public user or an Active Directory user?

When I go into my web.config file and comment out my Sitefinity (Active Directory) provider, and change my defaultProvider back to Public, I am then again able to log in as admin without any problems.

What am I doing wrong in the case of multiple providers? Please help...

Thanks!
Brian

Reply

Brian

Posted on Jun 10, 2008 (permalink)

Just to clarify my last post...

If I change my role or membership "defaultProvider" to either Public or Sitefinity, then only the users belonging to that provider are accepted by my login screen.

<roleManager enabled="true" cacheRolesInCookie="true" defaultProvider="Sitefinity">
allows only Acitve Directory users, while

<roleManager enabled="true" cacheRolesInCookie="true" defaultProvider="Public">
allows only Sitefinity database users.

Any ideas on why I can't get multiple providers working from my login screen? Any help would be greatly appreciated...

Thanks,
Brian

Reply

Slavo Slavo
Posted on Jun 13, 2008 (permalink)
Hi Brian,

There's no problem to login in the CMS backend with users from different membership providers. There is however the limitation that sitefinity can only work with one Role Provider when setting permissions. From what I understand you have 2 membership providers and 2 role providers for them. This is why users from one of the providers cannot login - Sitefinity does not give permissions for the users managed by the second Role provider.

You can do a couple of things:
1. You can use only one role provider. Then, you will be able to manage permissions for users from one of the membership providers (CMS users). The users from the other membership provider (public) will always belong only to the Everyone role. If you give "CMS Access" rights to this role, they will be able to log in.
2. The problem of having one role provider with multiple membership providers is that sometimes there are users with the same username in both membership providers. This is a conflict which you can resolve by writing your own code to synchronize the two membership providers, and make the role provider differentiate between the same usernames. This, however, would not be trivial.
Since users from one provider are public users anyway (they don't need cms access), I suggest using the first approach. They will be able to log in, but pretty much do nothing.

We have plans to provide functionality for using one role provider with two membership providers, but we cannot commit to a time frame yet. I would be happy to answer your questions on how to set this up, or on any other issues you may have.
Best wishes,
Slavo
the Telerik team

Instantly find answers to your questions at the new Telerik Support Center
Reply

Brian
Posted on Jun 13, 2008 (permalink)
Hello Slavo,

Thanks for your suggestion - I have carried out #1 in your posting: I have removed my Public role provider. Remining is my Sitefinity role provider (Active Directory role provider), my Sitefinity Membership provider (Active Directory), and my Public Membership provider (Sitefinity database).

When I attempt to log in with one of my public users, it still tells me that the user does not exist. Furthermore, when I log in as one of my Active Directory admins, the Administration/Users screen does not show the public users...only the Active Directory users. Finally, I no longer see a drop-down list in my Command Panel, allowing me to select which Provider I am viewing users for.

From this same Users screen, I can create a new user. The application prevents me from assigning this user to a Sitefinity role, as I expected from your description in your last post. Is this user that I've created considered a "public" user? Is it stored in the Sitefinity database?

If so, when I go back into my web.config file and remove my "Public" membership provider, I would expect that the new public user I just added through the Users screen to not be valid any longer. However, it is still valid, and I can freely log in as this new user I've created.

My work-around to my problem, until further notice, will be to use the Active Directory role and membership provider solely, and add additional users to this list (which will be of the Everyone role) as needed. For anyone who needs to belong to a specific role, I will ensure that that user is added to Active Directory.

Perhaps I'm just confused or not thinking broadly enough on this topic, but I have been playing around with the Active Directory functionality for quite some time now, and I still am finding that the original quote stated at the top of this forum:

"Sitefinity even allows you to use multiple membership/role providers in a single application. For example, you can implement the SQL providers to validate user credentials and manage profiles and roles as well as passwords and e-mail addresses of your registered ‘public’ users; and at the same time, you can use the Active Directory membership and role providers to grant permissions to your internal network users for the CMS backend."

...is slightly inaccurate. I can understand your difficulties with having duplicate usernames etc., but from the statement above, I would expect the functionality to be as follows:
- - Through the Users screen, be able to select either membership provider (Sitefinty / Public)
- - When either is selected, an administrator can add/remove/set respective roles for that provider, without affecting the other provider
- - Pages / Modules can have permissions set for either provider's roles.
- - Login screen should have the ability to choose a provider, in which either a Public or Sitefinity user can log in.
- Perhaps you could help clear up what is the intended functionality with Sitefinity's multiple role/membership providers currently, and what is coming down the project roadmap?
Thanks and best regards,
Brian
Reply

Yasen Yasen

Posted on Jul 10, 2008 (permalink)

Hello Brian,

We are currently working on a real life example, supported with more detailed documentation on using multiple role providers with public users and permissions. Its main purpose is to make things clear about working with many providers, login forms and public users.

This document will be ready on Monday, 14th.

All the best,
Yasen
the Telerik team

Instantly find answers to your questions at the new Telerik Support Center

Reply

Yasen Yasen

Posted on Jul 17, 2008 (permalink)

Hi Brian,

If you still have any issues on the subject please refer to this KB article. I hope it solves your issues.

Best wishes,
Yasen
the Telerik team

Instantly find answers to your questions at the new Telerik Support Center

Reply

jkregala Intermediate

Posted on Jul 6, 2010 (permalink)

Hi Sonya, I followed your instructions step by step (The one dated Jan. 30, 2008) and I keep having this error:

Server Error in '/SSP' Application.

This type of page is not served.
Description: The type of page you have requested is not served because it has been explicitly forbidden. The extension '.aspx' may be incorrect. Please review the URL below and make sure that it is spelled correctly.

Requested URL: /SSP/Sitefinity/Admin/Default.aspx

Hope this could be resolved.... Thanks! :)

Reply

Ivan Dimitrov Ivan Dimitrov

Posted on Jul 7, 2010 (permalink)

Hi jkregala,

Most probably the user that you have authenticated does not belong to the role you have set as unrestricted. Make sure that AD role exists and the user you use belongs to it. You could also try to log in by using an administrators user from Sitefinity provider and explicitly set CmsAccess permissions ( from Administration >> Permissions tab) to a given role of your AD provider. Then, try to access Sitefinity's backend.

All the best,
Ivan Dimitrov
the Telerik team
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Reply

jkregala Intermediate

Posted on Jul 7, 2010 (permalink)

Thanks Mr. Dimitrov! This was the issue - "Most probably the user that you have authenticated does not belong to the role you have set as unrestricted."

I have a follow up question. Since all is well and done with regards to ActiveDirectory, meaning I can now login through the domain and the users under the domain group specified are loading already. Is there any way wherein approval workflow can be implemented with it? I mean using the default provider, you can add as many roles as you want for example:

Authors - add, edit, delete News
Approvers - add, edit, delete, approve, publish News

So which means Authors submit News articles subject to Approver's approval. Since using ActiveDirectory means one group domain is loaded as one role, can I further filter that group domain into many roles so I can still implement the same scheme to the users under ActiveDirectory roles? Thanks.

Reply

Ivan Dimitrov Ivan Dimitrov

Posted on Jul 8, 2010 (permalink)

Hello jkregala,

You can create roles only in Sitefinity's provider. Note that if a user belongs to several roles "Deny" permission has higher priority - for instance if user "myuser" belongs to role "a" and role "b" and for the same object ( page or content item) this user "myuser" has "View" Allow in role "a" and "View" Deny the user will not be able to see the object.
By default Sitefinity's AD provider has acceptor role - it cannot be use to create user/roles in your AD.

Sincerely yours,
Ivan Dimitrov
the Telerik team
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Reply

jkregala Intermediate

Posted on Jul 8, 2010 (permalink)

How about the users under the domains in the ActiveDirectory, can't I assign roles to them that are available under the default provider?

Reply

Ivan Dimitrov Ivan Dimitrov

Posted on Jul 8, 2010 (permalink)

Hello jkregala,

You cannot make CRUD operations against your AD roles/users. You can only assign permissions to them.

All the best,
Ivan Dimitrov
the Telerik team

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Reply

jkregala Intermediate

Posted on Jul 8, 2010 (permalink)

Is there a way wherein I could at least differentiate the permissions of various groups of individuals within a role in Active Directory. For example I have a role "All Marketing Editors" but then within this role certain individuals should have less control over permissions while others have more.

Reply

Ivan Dimitrov Ivan Dimitrov

Posted on Jul 8, 2010 (permalink)

Hi jkregala,

Granular permissions are implemented in Sitefinity 4.0. Currently you can implement a custom persistent class to where you can make pair relation between user ID/SID from your Ad and a given right. Then you need to tweak built-in controls/backend views where you want to implement this granularity.

All the best,
Ivan Dimitrov
the Telerik team

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Reply

Matt

Posted on Jul 8, 2010 (permalink)

@jkregala - I know this isn't the exact solution you're after, but we ended up creating a bunch of Sitefinity-specific security groups in AD, then mapping them in through the groupMaps on the roleManager provider. We have users in both AD (internal) and Sitefinity (public), with roles defined in each. It means there has to sometimes be a role duplicated in AD and Sitefinity, but it does work.

I wanted the same thing as you "All Marketing Editors" example, but ended up just creating a new group for each different permission set.

Another reason to be excited about 4.0!

Reply

Siddesh Kapadi Master

Posted on Jul 26, 2010 (permalink)

Hello,

I have created th entries in the web.config as specified above. I am able to login to the page using AD, but as specified by jkregala I get the same error 'This type of page is not served.'. I changed the provider to accept the database user. I was again able to login and was taken to the dashboard page(default.aspx). I went to Adminsitrator/Users section and tried changing the provider from Public to Sitefinity. I get an error:

'The specified domain either does not exist or could not be contacted.'

What can be the possible cause of this issue.

Also, Please let me know if my AD user does not fall in any of the Group how can I set the permissions for the user.

Regards,

Siddesh Kapadi

Reply

Ivan Dimitrov Ivan Dimitrov

Posted on Jul 26, 2010 (permalink)

Hi Siddesh Kapadi,

It looks like you cannot connect to to the domain controllewhere AD is created. This issue can occur because the Sysvol directory is not shared out on the domain controller. Check your AD for DNS issues. To access AD in an ASP.NET application, it is better to run the app under a domain local administrator to see how everything behavies. Sitefinity is only acceptor to the AD. Sitefinity does not control the users of the AD or roles management. Sitefinity just accepts the settings you have done during the AD setup. The problem is related to your AD and the way that it has been set up.

Greetings,
Ivan Dimitrov
the Telerik team

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Reply

Siddesh Kapadi Master

Posted on Jul 26, 2010 (permalink)

Hey Ivan,
Thanks for your reply. It was the same issue. My machine is not in the domain.

It worked absolutely fine when I deployed the same on the server under the domain.

Regards,

Siddesh Kapadi

Reply

Forums

Not answered Sitefinity with ActiveDirectory integration

Unknown error (0x80005000)

Server Error in '/SSP' Application.

This type of page is not served.