Sitecore: Using integrated security when configuring LightLDAP.SitecoreADRoleProvider - module

I'm configuring the Active Directory Module 1.2 for CMS 7.2-8.0 and despite the fact that everything works great, I prefer to use integrated security (following the customer's policy). However, the manual does not say anything about using integrated security for the role provider. The LightLDAP.SitecoreADRoleProvider has username and password properties and doesn't use a connectionstring for this:
<roleManager defaultProvider="switcher" enabled="true" xdt:Transform="SetAttributes" xdt:Locator="Match(enabled)">
  <providers>
    <add name="ad" xdt:Transform="Insert" xdt:Locator="Match(name)"
         type="LightLDAP.SitecoreADRoleProvider"
         connectionStringName="ADSitecoreUsers"
         applicationName="sitecore"
         username="usr"
         password="pass"
         attributeMapUsername="sAMAccountName" cacheSize="2MB" />
  </providers>
</roleManager>
<profile defaultProvider="switcher" enabled="true" inherits="Sitecore.Security.UserProfile, Sitecore.Kernel" xdt:Transform="SetAttributes" xdt:Locator="Match(enabled)">
  <providers>
    <add xdt:Transform="Insert" xdt:Locator="Match(name)" name="ad" type="LightLDAP.SitecoreADProfileProvider"
         connectionStringName="ADSitecoreUsers"
         applicationName="sitecore"
         username="usr"
         password="pass"
         sitecoreMapDomainName="ad" />
  </providers>
</profile>
Looking this question up in Google is quite hard, because of course, Integrated Security is part of the functionality the AD module delivers, so each hit is about integrated security as well, but I'm looking for the provider to configure with integrated security (my app pool user is a service account that has been logged in via the app pool and that user has the correct rights on AD and databases).

Just finished setting up AD integration without username and password.
From my experience, if the server is joined to the domain or a domain that has trust with the users' domain, it should not require a username and password. I just omitted the connectionUsername and connectionPassword attributes from the config.
However, we do not allow changing username and passwords (that writes back to AD) in our setup, so your mileage may vary based on your setup.

Related

Windows authentication asking for login and logging in wrong user

I am using Windows authentication on an intranet that has been duplicated for two different environments with different servers being accessed. I am using a domain without periods rather than IP so it should log in automatically, but it prompts for a login on site 1. On site 2 it prompts for a login, but regardless of which user logs in, WindowsIdentity.GetCurrent().Name always returns my login, which was the very first login, rather than the current user.
Here is my configuration:
Anonymous authentication: disabled
Windows authentication: enabled
web.config:
<system.web>
  <authentication mode="Windows" />
  <identity impersonate="true" />
  <authorization>
    <deny users="?" />
  </authorization>
</system.web>
<system.webServer>
  <validation validateIntegratedModeConfiguration="false" />
</system.webServer>
Why is it prompting for a login and why is one instance logging in properly and the other not?
Made the mistake of setting a user when the application was created. It is working now.

MVC 4 user get logged off quickly

I have an MVC 4 web application that logs off some users quickly. The authentication cookie seems to be set up correctly (I also set the timeout to 720 (12 hours)). I also set the session timeout in the config file and in IIS. The issue seems to happen on IE most of the time; the user gets logged off after about 10 minutes. And as usual I can't reproduce the issue on my end.
I am wondering if an ajax call could cause the issue? Or an http header? I searched a lot about that issue and found nothing outside of basic web.config settings.
Here are my configs for session, membership and authentication:
<sessionState timeout="720" mode="InProc"/>
<membership defaultProvider="SimpleMembershipProvider" >
  <providers>
    <clear/>
    <add name="SimpleMembershipProvider" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData"/>
  </providers>
</membership>
<authentication mode="Forms">
  <forms requireSSL="false" domain="dpars.com" loginUrl="~/Account/Login" protection="All" name="DPARSAuth" slidingExpiration="true" timeout="720"></forms>
</authentication>
You might be losing the sessions because you're using InProc Session-State mode, which stores sessions in memory. When you use this mode, the sessions will be lost anytime the web server process restarts, which can happen for a variety of reasons.
Try changing the sessionState mode to "SQLServer", or "StateServer" and see if that solves the problem.
More information on configuring these options can be found here: http://msdn.microsoft.com/en-us/library/ms178586(v=vs.100).aspx

ImageResizing Not Working In Hosting

I have an asp.net mvc project. I installed the imageresizing nuget packages. It's working locally.
When I published to my hosting, it's not working.
I set IIS situation integrated and classic but it still didn't work.
I couldn't solve it, can you help please? Thanks.
The following definitions exist in web.config:
<resizer>
  <plugins>
    <add name="MvcRoutingShim" />
    <add name="DiskCache" />
    <add name="SimpleFilters" />
    <add name="PrettyGifs" />
  </plugins>
</resizer>
<modules runAllManagedModulesForAllRequests="true">
  <add name="ImageResizingModule" type="ImageResizer.InterceptModule" />
</modules>
The self-diagnostics page at /resizer.debug explains the configuration issues present on your hosting environment
Image resizer diagnostic sheet 24.11.2014 22:15:04
2 Issues detected:
(Critical): Grant the website SecurityPermission to call UrlAuthorizationModule.CheckUrlAccessForPrincipal
Without this permission, it may be possible for users to bypass UrlAuthorization rules you have defined for your website, and access images that would otherwise be protected. If you do not use UrlAuthorization rules, this should not be a concern. You may also re-implement your security rules by handling the Config.Current.Pipeline.AuthorizeImage event.
DiskCache(ConfigurationError): Not working: Your NTFS Security permissions are preventing the application from writing to the disk cache
Please give user read and write access to directory "D:\inetpub\adafirin.com\www\imagecache" to correct the problem. You can access NTFS security settings by right-clicking the aformentioned folder and choosing Properties, then Security.

"The Role Manager feature has not been enabled" - Accessing SimpleMembership from external web service

Hoping you may be able to help with a peculiar issue I'm facing with my SimpleMembershipProvider.
I have an MVC4 application that uses the SimpleMembership feature to store user and role information. This all works perfectly from the front end MVC4 application.
We also have a web service which will call the same SimpleMembershipProvider to validate the user credentials from a mobile app using the standard ValidateUser() method.
However, before I get to my ValidateUser() method I need to initialise my WebSecurity object using the WebSecurity.InitializeDatabaseConnection method. This is causing the below error:
"The Role Manager feature has not been enabled."
I'm initialising the WebSecurity object within the services startup, using the same code pulled from my Portal:
if (!WebSecurity.Initialized)
{
    WebSecurity.InitializeDatabaseConnection("PortalContext", "UserProfile", "UserId", "UserName", autoCreateTables: true);
}
I've checked that my web.config of my web service contains the appSettings key
<add key="enableSimpleMembership" value="true" />
I've also included the rolemanager and membership details within my system.web section of my web.config.
<roleManager enabled="true" defaultProvider="SimpleRoleProvider">
  <providers>
    <clear />
    <add name="SimpleRoleProvider" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData" />
  </providers>
</roleManager>
<membership defaultProvider="SimpleMembershipProvider">
  <providers>
    <clear />
    <add name="SimpleMembershipProvider" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData" />
  </providers>
</membership>
I'm now completely at a loss and have spent all morning googling for a possible solution.
Can anyone think of a reason why this might be occurring?
If you have multiple projects in the same solution and are using migrations, make the one containing the migrations the startup project (in Solution Explorer, right-click the project name > "Set as startup project") before running database-update.

mvc4, trouble with WebMatrix reference and Windows authentication

I have a maddening situation here with an MVC4 site. At the outset, you need to know it uses Windows authentication, and I also want to use simplemembership roles (but I don't think this is working--but this is not the focus of my question). Basically, the site works on my dev machine (with IIS Express) and a test machine (with regular IIS). But it doesn't work in the production environment. We get an error "could not load file or assembly WebMatrix.WebData, version=2.0.0.0".
The WebMatrix.WebData reference has CopyLocal = False. (This works in dev and test.) If I set CopyLocal = True, then the authentication goes haywire. Specifically, when you visit the site, it attempts a redirect to login.aspx (obviously not an MVC component). So, my question is Why is this happening? How do I fix?
Here's what I've got under my system.web element in the config:
<roleManager enabled="true">
  <providers>
    <clear/>
    <add name="simple" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData"/>
  </providers>
</roleManager>
<membership>
  <providers>
    <clear/>
  </providers>
</membership>
<authentication mode="Windows" />
I've played around with this quite a bit trying to understand the problem, but I don't really know what I'm doing with this config section/what all can be done. I wonder if there's a problem clearing all the membership providers.... while trying to use the SimpleRoleProvider. (I tried cutting out SimpleRoleProvider, but this had no effect on problem.)