Products

Solutions

Resources

Partners

Community

Blog

About

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen

HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationUsing DNN with Windows Server 2008 R2 w/AD AuthenticationUsing DNN with Windows Server 2008 R2 w/AD Authentication
Previous
 
Next
New Post
9/24/2011 10:01 AM
 
Having same problem....changed the IIS settings from Default to Classic.  Hit my site, then a warning that anonymous should not be enabled.  So, I disabled anonymous authentication (leaving only forms authentication enabled).  Hit the site again, and received the following:

401 - Unauthorized: Access is denied due to invalid credentials.
You do not have permission to view this directory or page using the credentials that you supplied.

This is on 2008 R2.
 
New Post
9/27/2011 5:06 PM
 
I would like to reply to my own post so you know how far I got. I still need help but I am very close to an acceptable scenario.

Using:
• DNN6
• Unreal Skin
• Windows Server 2008 R2
• IIS 7.5

Trying to accomplish:
• Intranet site using Integrated Windows Authentication against domain accounts
• Secure access to the intranet from outside of our network using Windows Auth challenge so no one can even see the first page
• Auto login of users internally
• Auto login to the site by way of external access after successful challenge
• Auto account creation both internally and externally

Current Settings:
• App pool set to Classic
• Anonymous Authentication in IIS turned off everywhere.
• Forms and Windows Authentication selected at the site level as well as the \DesktopModules\AuthenticationServices\ActiveDirectory\Windowssignnin.aspx
• Web.config file modified. I had to add the line “
• I left the existing line commented out
• ACL at the site level grants Domain Users read-only

What Works Now:
• Because we are using both Windows and Forms authentication in IIS, I can log out as myself and login as Host directly into the site which is desired because I cannot seem to assign superuser rights to a domain user(me)
• From a workstation logged into the domain with the site entered into the Intranet zone, A user can hit the main URL https://portal.medicushcs.com and have his/her account auto-created and logged in
• Subsequent logins for existing accounts will also auto-log in with no problems.
• From the outside using a non-domain member computer, the user can hit the main page https://portal.medicushcs.com and get presented with a Windows Auth challenge. They can log in as DOMAIN\username and have their account auto-created and auto-logged in.


This is 90% of what I need. I am not sure if this is optimal from a security standpoint but from what I am seeing, it is getting better.


Problems:
• If the user hits the logout button, or if the site logs them out automatically, they cannot log back it using the Windows login option. To recover, I have to delete cookies and access the site again which will log the user in automatically. *I need to solve this problem*
• Related to the above, when I am in as superuser it eventually times out and defaults me to my personal AD based account but it is limited. I can only see two of the 5 tabs I have created for pages. This is frustrating.
• The requirement to supply a domain name before the username still exists due to Windows Authentication. I have the domain assumed in the site settings but I will need to tell IIS to default to my domain name when people are presented with the challenge.

I will be performing more tests this evening as time permits. In the meanwhile, Mike, if you have any suggestions to clean this up, I am all ears. Thanks in advance for everyone’s help.
 
New Post
10/6/2011 12:47 PM
 
Hi, Last year I had looked at DNN as a solution for my company but couldn't get Windows Authentication to work so I gave up since all users are members of the Active Directory and I do not want Forms based authentication at all. It seems you have been able to get Windows authenticatio to work. Could you please share a link or instructions on how I can get my DNN site to only allow Windows authenticated users in. I don't really care if they have to put their credentials in if they are logged into the domain already, for now I just need to get them in the door. Seems like documentation on Windows only authentication is the one big thing lacking in DNN, maybe I'm just missing something. Thanks for any help you can provide.
 
New Post
10/7/2011 4:04 PM
 
I apologize that I may not be so well versed in this to provide comprehensive instructions. I have been stumbling through it myself and I am still not 100% happy with how it performs.  However, it would seem to me that if you followed the instructions in this thread as well as setting your app pool to classic, all you would need to do is turn off forms based auth everywhere and leave Windows auth enabled from the top down. It should be the only authentication option enabled. This should then present the windows challenge to your users every time. To make it easier for them, either manually add the site to IE's local intranet zone or accomplish the same through a GPO. This part works well and will automatically log your user's in using their cached windows creds.

It is worth noting that if you disallow forms based auth, you will prevent yourself from loging in in as 'host' and therefor you will not have superuser access, and access to the host level. If you ad your own Windows creds as an administrator, you will still be able to access the site / portal level as an admin by way of your own cached windows creds. Do this first before you turn off Forms Auth or you will paint yourself into a corner.

I tell ya what, stumble through it yourself. If you have specific questions, send me some of the config items you want to compare. This will be a more targeted approach without causing me to re-learn all of this. I think I burst a blood vessel in my skull getting this far ;-)
 
New Post
2/23/2012 4:48 PM
 
Is it normal operation for the AD authentication to erase any custom fields that have been added the DNN User Database.

I have added two custom fields in DNN and added values to them as well, however every time I log out and back in using my domain credentials it erases the values previously entered.

Also what fields match up from AD to DNN once joining. It seems that no all of them mesh up.

Thanks,

Doug
 
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationUsing DNN with Windows Server 2008 R2 w/AD AuthenticationUsing DNN with Windows Server 2008 R2 w/AD Authentication


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out