Active directory and permissions

Posted by Community Admin on 03-Aug-2018 10:55

Active directory and permissions

All Replies

Posted by Community Admin on 06-Sep-2011 00:00

Hi,

My users need to acces my sitefinity extranet via an AD login, so that there is a single sign on, once they logon their machines.
I then need to be able to give permissions to specific groups within sitefinity, so that some pages are secured.

What's the best way to set this up, assuming that I can have a batch that feeds my sitefinity user database from the AD users.

Thanks.

Posted by Community Admin on 08-Sep-2011 00:00

Hello Zyad,

I have attached a document describing how to add Ldap users to sitefinity, for more information you can refer to the documentation on this topic.

When your user can access sitefinity backend you can create a role(Administration->Roles) for them that will grant certain permissions over the bakend modules.

Regards,
Stanislav Velikov
the Telerik team

Thank you for being the most amazing .NET community! Your unfailing support is what helps us charge forward! We'd appreciate your vote for Telerik in this year's DevProConnections Awards. We are competing in mind-blowing 20 categories and every vote counts! VOTE for Telerik NOW >>

Posted by Community Admin on 07-Jan-2013 00:00

Can you help me with any troubleshooting steps?  I've followed all of the guides I can find, including the one you posted here which I found contained useful examples, and I've tried multiple things.  I can query ldap with ldp.exe using the same server.. I'm using my credentials so I know they're valid and have proper permissions.  Using ldp.exe I've verified my distinguished name for the accounts directory.. my settings are all very similar to yours, I have nothing just outrageous..  And they're similar to working solutions I have in place.  I'm just not sure what I can be missing.  This is all in a test environment running off VS2010's web server.  My user list just never increases but there should be thousands populated from the size of our domain when pointed to our \Accounts\Employees OU like I have it. 

Posted by Community Admin on 26-Mar-2014 00:00

Hello Stanislav,

I'm using Sitefinity version 6.3.5000.0 with visual studio 2013 ultimate for development. I've tried with active directory integration with sitefinity for a project. I added all AD settings in sitefinity settings and AD is connected to sitefinity. My concern is to get the backend access to the AD users. I followed sitefinity documentation and your steps in screencast and I'm sorry to say I ended up with nothing. Your steps in screencast is not in Sitefinity version 6.3.5000 and you've used visual studio 2010 IIS Express to enable NTLM Authentication. I did the same, changing in web.config and applicationhost.config file in IIS Express. Still I'm getting the error. If you reply to this post soon with detailed steps, it'd be great as it's in the middle of the development.

 

Thanks. 

Posted by Community Admin on 31-Mar-2014 00:00

Hello,

First of all you need to make sure that you have configured LDAP. The dropdown should be available in the login screen of the backend and in the user section under LDAP provider.

Furthermore, all configurations from the following article should be applied.

www.sitefinity.com/.../setting-up-sso-with-windows-authentication

Configurations and additional information:

Web.config file STS:

<add key="http://www.yoursite.com/" value="34BCAA7ADAFA93790C6B48D86AE3E447462786419266AA26D01E50382157793D" />

Where URL: http://www.yoursite.com/ should be the URL of your web site.

Web.config file:


<wsFederation passiveRedirectEnabled="true" issuer="http://STSsite.com/mysts.ashx" realm="http://localhost" requireHttps="false" />

Where http://STSsite.com/mysts.ashx
should be the address of your STS server. If you request the address you should get a line stating that this is a Security Token Service.

SecurityConfig.config file:
securityTokenIssuers>
<add key="34BCAA7ADAFA93790C6B48D86AE3E447462786419266AA26D01E50382157793D" encoding="Hexadecimal" membershipProvider="Default" realm="http://localhost" />
<add key="34BCAA7ADAFA93790C6B48D86AE3E447462786419266AA26D01E50382157793D" encoding="Hexadecimal" membershipProvider="LdapUsers" realm="http://STSsite.com/mysts.ashx" />
</securityTokenIssuers>
<relyingParties>
    <add key="34BCAA7ADAFA93790C6B48D86AE3E447462786419266AA26D01E50382157793D" encoding="Hexadecimal" realm="http://localhost" />

Furthermore, you need to make sure that IIS configurations for STS site are correct.

In IIS Manager, select the STS site.
In section IIS on the right, double-click Authentication.
Choose one of the following authentication types and set it in IIS:

  • If all computers that are used to authenticate in Sitefinity are part of the domain, enable Windows Authentication and disable all others.
  • If there are computers that are not part of the domain and that are used for authentication, enable Basic Authentication and disable all others. You could turn https on for this site to protect the transferred credentials.

Regards,
Stefani Tacheva
Telerik
 
Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Sitefinity CMS Ideas&Feedback Portal and vote to affect the priority of the items
 

This thread is closed