More in this section

Forums / Developing with Sitefinity / Active Directory Integration

Active Directory Integration

3 posts, 0 answered
  1. Gabe Sumner
    Gabe Sumner avatar
    440 posts
    Registered:
    09 Sep 2007
    01 Oct 2007
    Link to this post
    I am taking a shot at having Sitefinity integrate with our Active Directory.  I would like the entire members' list to be supplied by the Active Directory.  However, I would like to manually control the roles that get applied through Sitefinity.

    Here is what I did.  I put the following code into the <membership> section of the web.config file:

    <add name = "Sitefinity" 
        enableSearchMethods = "true" 
        attributeMapUsername = "sAMAccountName" 
        connectionUsername = "username" 
        connectionPassword = "password"                  
        connectionStringName = "ActiveDirectory" 
        type = "Telerik.DataAccess.AspnetProviders.TelerikADMembershipProvider, Telerik.DataAccess"   
    /> 
     

    For the <roleManager> section of the web.config file I left it as it was:

    <add connectionStringName="DefaultConnection" applicationName="/" name="Sitefinity" type="Telerik.DataAccess.AspnetProviders.TelerikRoleProvider, Telerik.DataAccess"/> 

    This actually works!  If I type a wrong username & password, I get a "Bad password" message.  If I type the correct username & password, I get sent right back to the login screen (no login, no error message).  The original "admin" account no longer works if I'm using the Active Directory to authenticate.

    I suspect that the login screen is simply reloading because the Active Directory account I'm using to login has no roles assigned to it.  However, I can't figure out how to initially login to Sitefinity so that I can begin assigning roles to Active Directory accounts.

    Hopefully this post makes sense.  Any suggestions for making this work?
  2. Yasen
    Yasen avatar
    121 posts
    Registered:
    18 May 2013
    03 Oct 2007
    Link to this post
    Hi Gabe,

    Thank you for giving it a try, it is important for us to see what is troubling people using Active Directory.

    About the redirect to the login form after you login - you are right, this was the expected behavior in 3.1 Beta for the new "Entire CMS Access" global permission (btw it will be renamed to CMS Access). This is a little confusing, in the official version you'll get an "access denied" exception.

    About the administration of these users - your post triggered a discussion about the providers that should be shipped with Sitefinity. Unfortunately, in 3.1 you don't have the power to manage users from AD with custom roles in Sitefinity. You can, however, use Windows groups as roles in Sitefinity.

    The other out-of-the-box possibility is not to use Active Directory at all. We are planning to ship a new role provider that enables Sitefinity to manage domain users with a custom set of roles, this will actually cover exactly your case, bad news is it will probably be part of the 3.2 release. Another opportunity for you is to write your own role provider that fits your needs.

    Thank you once again for your question, your Telerik account has been updated.

    Kind regards,
    Yasen
    the Telerik team

    Instantly find answers to your questions at the new Telerik Support Center
  3. Gabe Sumner
    Gabe Sumner avatar
    440 posts
    Registered:
    09 Sep 2007
    04 Oct 2007
    Link to this post

    Thanks for the reply Yasen.

    I believe I'm going to take a shot at writing my own Role & Membership providers.

    Gabe
    ===============
Register for webinar
3 posts, 0 answered