Active directory and permissions
Hi,
My users need to access my Sitefinity extranet via an AD login, so that there is a single sign-on once they log on to their machines.
I then need to be able to give permissions to specific groups within sitefinity, so that some pages are secured.
What's the best way to set this up, assuming that I can have a batch that feeds my sitefinity user database from the AD users.
Thanks.
Hello Zyad,
I have attached a document describing how to add LDAP users to Sitefinity. For more information, you can refer to the documentation on this topic.
When your user can access the Sitefinity backend, you can create a role (Administration->Roles) for them that will grant certain permissions over the backend modules.
Regards,
Stanislav Velikov
the Telerik team
Can you help me with any troubleshooting steps? I've followed all of the guides I can find, including the one you posted here, which I found contained useful examples, and I've tried multiple things. I can query LDAP with ldp.exe using the same server. I'm using my credentials, so I know they're valid and have proper permissions. Using ldp.exe I've verified my distinguished name for the accounts directory. My settings are all very similar to yours; I have nothing just outrageous. And they're similar to working solutions I have in place. I'm just not sure what I can be missing. This is all in a test environment running off VS2010's web server. My user list just never increases, but there should be thousands populated from the size of our domain when pointed to our \Accounts\Employees OU like I have it.
Hello Stanislav,
I'm using Sitefinity version 6.3.5000.0 with Visual Studio 2013 Ultimate for development. I've tried Active Directory integration with Sitefinity for a project. I added all the AD settings in the Sitefinity settings and AD is connected to Sitefinity. My concern is to get backend access for the AD users. I followed the Sitefinity documentation and your steps in the screencast, and I'm sorry to say I ended up with nothing. Your steps in the screencast are not in Sitefinity version 6.3.5000, and you've used Visual Studio 2010 IIS Express to enable NTLM Authentication. I did the same, changing the web.config and applicationhost.config files in IIS Express. Still I'm getting the error. If you reply to this post soon with detailed steps, it'd be great, as it's in the middle of the development.
Thanks.
Hello,
First of all you need to make sure that you have configured LDAP. The dropdown should be available in the login screen of the backend and in the user section under LDAP provider.
Furthermore, all configurations from the following article should be applied.
www.sitefinity.com/.../setting-up-sso-with-windows-authentication
Configurations and additional information:
Web.config file STS:
<add key="http://www.yoursite.com/" value="34BCAA7ADAFA93790C6B48D86AE3E447462786419266AA26D01E50382157793D" />
<wsFederation passiveRedirectEnabled="true" issuer="http://STSsite.com/mysts.ashx" realm="http://localhost" requireHttps="false" />
http://STSsite.com/mysts.ashx should be the address of your STS server. If you request the address you should get a line stating that this is a Security Token Service.
<securityTokenIssuers>
  <add key="34BCAA7ADAFA93790C6B48D86AE3E447462786419266AA26D01E50382157793D" encoding="Hexadecimal" membershipProvider="Default" realm="http://localhost" />
  <add key="34BCAA7ADAFA93790C6B48D86AE3E447462786419266AA26D01E50382157793D" encoding="Hexadecimal" membershipProvider="LdapUsers" realm="http://STSsite.com/mysts.ashx" />
</securityTokenIssuers>
<relyingParties>
  <add key="34BCAA7ADAFA93790C6B48D86AE3E447462786419266AA26D01E50382157793D" encoding="Hexadecimal" realm="http://localhost" />
Furthermore, you need to make sure that IIS configurations for STS site are correct.
In IIS Manager, select the STS site.
In section IIS on the right, double-click Authentication.
Choose one of the following authentication types and set it in IIS: