Installation and deployment Questions on installation, system configuration and deployment to the live server.
Version 4.x > Installation and deployment > Forms AND Windows Authentication View modes: 
User avatar
Member
Member
Darren - 5/5/2010 5:15:49 AM
   
Forms AND Windows Authentication
We are considering moving our Intranet over to Kentico. Our server is running our front facing websites at the moment which use forms authentication but I want to use Active Directory auto sign in for the Intranet site. I have read the documentation on mixed mode authentication but that suggests that users will still have to log in manually, either with a domain or CMS password.

I need to keep the existing sites as forms authentication. Is it possible to run these and the Intranet (Auto sign in via AD) side by side? Thanks for any help.

User avatar
Kentico Support
Kentico Support
kentico_jurajo - 5/13/2010 2:58:31 AM
   
RE:Forms AND Windows Authentication
Hi,

It depends what you mean by side by side - within one installation of the CMS or two separate installations?

In the second case it is no problem, you will set either of them separately.
In the first case you will need to use "hacks" like this to achieve your need: http://aspadvice.com/blogs/rjdudley/archive/2005/03/10/2562.aspx.

Best regards,
Juraj Ondrus

User avatar
Member
Member
c.s.leonard-gmail - 9/7/2010 11:12:23 AM
   
RE:Forms AND Windows Authentication
I"m having some similiar issues(maybe). The way we'd like to set up our site(single install) is: Employees will use AD(for content update, etc.) and our customers will use forms base(the builtin kentico logon forms webparts) to login and view the content.

I'm currently setup with AD(and it appears to be working ok), but I'm getting an error when I add a logon webpart to a page and try and logon with a user. I have created a Custom Security authentication by following the directions here:http://devnet.kentico.com/docs/devguide/index.html?configuring_windows_authentication.htm

When I logon to kentico with a domain account and try to authenticate with a customer(using the kentico cms logon webpart). I get the following error: "Unable to establish secure connection with the server".


If I remove the AD from the config(and log into kentico cms with a non-domain acct.), the OnAuthentication hits the break point and the customer is successfully logged on.

Do I need to follow the steps in the link you provided or is there something else to do?

User avatar
Kentico Support
Kentico Support
kentico_jurajo - 9/8/2010 8:03:51 AM
   
RE:Forms AND Windows Authentication
Hi,

Have you tried the mixed mode authentication? In this case the AD users can use their domain accounts to login to the CMS and the external users can use the "default" access credentials.

Best regards,
Juraj Ondrus

User avatar
Member
Member
c.s.leonard-gmail - 9/8/2010 1:48:05 PM
   
RE:Forms AND Windows Authentication
Thank you for the link Juraj, I have implemented as the link mentioned. I also had to change the following line in the web.config:
From <authentication mode="Forms">
To <authentication mode="Windows">
If I leave it as Forms, then I am unable to logon with my AD account.

How do I map the external users to the "default" access credentials?

Once I made this change everything started to work correctly from the cms desk side, I was logged in and able to make changes/updates. When I create a webpart(builtin logon form) and try to authenticate with it(using the my overriden OnAuthentication method in CustomSecurityHandler), I get connection problems. Error: "Unable to establish secure connection with the server".

User avatar
Member
Member
c.s.leonard-gmail - 9/8/2010 2:53:07 PM
   
RE:Forms AND Windows Authentication
To add some clarification I'm not making it the OnAuthentication method(I set a break point, it never hit when I clicked the logon button).

I set a few breakpoints at the places I could find kentico hitting on page postback/loads and I traced through and found this
Class Name : Method Name
Global : Application_BeginRequest
CMSRequest : BeforeBeginRequest
CMSRequest : AfterBeginRequest
Global : Application_AuthenticateRequest
CMSRequest : BeforeAuthenticateRequest
CMSRequest : AfterAuthenticateRequest
Global : Application_AuthorizeRequest
CMSRequest : BeforeAuthorizeRequest
CMSRequest : AfterAuthorizeRequest
Global : Application_AcquireRequestState
CMSRequest : BeforeAcquireRequestState
CMSRequest : AfterAcquireRequestState
CMSWebParts_Membership_Logon_LogonMiniForm : loginElem_LoggingIn
Global : Application_EndRequest
CMSRequest : BeforeEndRequest
CMSRequest : AfterEndRequest
Global : Application_EndRequest

Once the Application_EndRequest method completes I get the error I mentioned. I don't know where the App_EndRequest "goes" after it completes and goes out of scope.

Hope this helps.

User avatar
Member
Member
c.s.leonard-gmail - 9/8/2010 4:37:43 PM
   
RE:Forms AND Windows Authentication
Also in the web.config file:

<location path="">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>

according to the instructions here:http://devnet.kentico.com/docs/devguide/index.html?configuring_windows_authentication.htm

User avatar
Kentico Support
Kentico Support
kentico_jurajo - 9/9/2010 4:37:15 AM
   
RE:Forms AND Windows Authentication
Hi,

I am sorry but I Am little bit confused now. Are you setting the Windows authentication or mixed mode authentication?

Could you please send us the web.config changes you have amde and also your custom code from the security handler so we can better understand your environment?

Best regards,
Juraj Ondrus

User avatar
Member
Member
c.s.leonard-gmail - 9/9/2010 10:05:36 AM
   
RE:Forms AND Windows Authentication
The goal is: To have interanal users (employees) to use Win Integrated Authentication and external users(customers) to use our custom in house authentication. I'm not sure of the correct terminology, if that is mixed mode or not.

Below is the web.config currently:
<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<configSections>
<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<!--Removing inherited scriptResourceHandler for when application is installed below MCO-->
<remove name="scriptResourceHandler" />
<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication" />
<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<!--Removing inherited jsonSerialization, profileService, authenticationService for when application is installed below MCO-->
<remove name="jsonSerialization" />
<remove name="profileService" />
<remove name="authenticationService" />
<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="Everywhere" />
<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication" />
<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication" />
</sectionGroup>
</sectionGroup>
</sectionGroup>
<!-- Content staging BEGIN -->
<section name="microsoft.web.services3" type="Microsoft.Web.Services3.Configuration.WebServicesConfiguration, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<!-- Content staging END -->
</configSections>
<appSettings>
<add key="CMSProgrammingLanguage" value="C#" />
<add key="WS.webservice" value="http://localhost/WebService/webservice.asmx" />
<add key="CMSTrialKey" value="CU05-20100724-ZYMTpz" />
<add key="CMSUseCustomHandlers" value="true" />
</appSettings>
<connectionStrings>
<clear />
<add name="CMSConnectionString" connectionString="Persist Security Info=False;database=KenticoCMS;server=sql2;user id=webuser;password=Password;Current Language=English;Connection Timeout=240;" />
<add name="CMSADConnectionString" connectionString="LDAP://domain.local.org/DC=domain,DC=local,DC=org" />
<!--MCO Connection Strings-->
<add name="MCO" connectionString="Data Source=SQL2;Initial Catalog=CustomDB;User Id=webuser;Password=Password;" providerName="System.Data.SqlClient" />
<!--End MCO Connection Strings-->
</connectionStrings>
<system.web>
<pages validateRequest="false">
<controls>
<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<add tagPrefix="ajaxToolkit" namespace="AjaxControlToolkit" assembly="AjaxControlToolkit" />
<add tagPrefix="cms" namespace="CMS.Controls" assembly="CMS.Controls" />
<add tagPrefix="cms" namespace="CMS.FormEngine" assembly="CMS.FormEngine" />
<add tagPrefix="cms" namespace="CMS.FormControls" assembly="CMS.FormControls" />
<add tagPrefix="cms" namespace="CMS.ExtendedControls" assembly="CMS.ExtendedControls" />
<add tagPrefix="cms" namespace="CMS.PortalControls" assembly="CMS.PortalControls" />
</controls>
<namespaces>
<add namespace="CMS.CMSHelper" />
<add namespace="CMS.GlobalHelper" />
</namespaces>
</pages>
<customErrors defaultRedirect="~/CMSMessages/error.aspx" mode="Off">
<error statusCode="404" redirect="~/CMSPages/handler404.aspx" />
</customErrors>
<authentication mode="Windows">
<forms loginUrl="CMSPages/logon.aspx" defaultUrl="Default.aspx" name=".ASPXFORMSAUTH" timeout="60000" slidingExpiration="true" />
</authentication>
<httpRuntime maxRequestLength="2097151" waitChangeNotification="1" maxWaitChangeNotification="3600" />
<globalization requestEncoding="utf-8" responseEncoding="utf-8" culture="en-US" uiCulture="en-US" />
<membership defaultProvider="CMSProvider" userIsOnlineTimeWindow="30">
<providers>
<clear />
<add name="CMSProvider" type="CMS.MembershipProvider.CMSMembershipProvider" connectionStringName="CMSConnectionString" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" passwordFormat="Hashed" />
<add name="CMSADProvider" type="CMS.MembershipProvider.CMSADMembershipProvider" connectionStringName="CMSADConnectionString" />
</providers>
</membership>
<roleManager defaultProvider="CMSRoleProvider" enabled="true" cacheRolesInCookie="true" cookieName=".ASPROLES" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All">
<providers>
<clear />
<add name="CMSRoleProvider" type="CMS.MembershipProvider.CMSRoleProvider" connectionStringName="CMSConnectionString" applicationName="SampleApplication" writeExceptionsToEventLog="false" />
<add name="CMSADRoleProvider" type="CMS.MembershipProvider.CMSADRoleProvider" connectiontringName="CMSADConnectionString" />
</providers>
</roleManager>
<httpHandlers>
<remove verb="*" path="*.asmx" />
<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false" />
</httpHandlers>
<httpModules>
<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<add name="XHtmlModule" type="CMS.CMSOutputFilter.OutputFilterModule, CMS.OutputFilter" />
</httpModules>
<xhtmlConformance mode="Strict" />
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" cookieless="false" timeout="20" />
<compilation debug="true" numRecompilesBeforeAppRestart="100">
<assemblies>
<add assembly="System.Management, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Security, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Configuration.Install, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Xml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Web.Extensions.Design, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Deployment, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Transactions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Web.RegularExpressions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="SMDiagnostics, Version=3.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Data.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Messaging, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="Microsoft.Transactions.Bridge, Version=3.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.IdentityModel.Selectors, Version=3.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.ServiceProcess, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
</assemblies>
<!-- Different programming languages BEGIN -->
<!--
<codeSubDirectories>
<add directoryName="CSCode"></add>
<add directoryName="VBCode"></add>
</codeSubDirectories>
-->
<!-- Different programming languages END -->
</compilation>
<identity impersonate="false" />
</system.web>
<system.codedom>
<compilers>
<compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<providerOption name="CompilerVersion" value="v3.5" />
</compiler>
<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<providerOption name="CompilerVersion" value="v3.5" />
</compiler>
</compilers>
</system.codedom>
<!-- Windows authentication BEGIN -->

<location path="">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>

<!-- Windows authentication END -->
<!--
<location path="">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
-->
<!-- Content staging BEGIN -->
<microsoft.web.services3>
<security>
<securityTokenManager>
<add type="CMS.Staging.WebServiceAuthorization" namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" localName="UsernameToken" />
</securityTokenManager>
<x509 allowTestRoot="true" verifyTrust="true" />
</security>
<policy fileName="wse3policy.config" />
<diagnostics>
<trace enabled="false" input="InputTrace.webinfo" output="OutputTrace.webinfo" />
</diagnostics>
</microsoft.web.services3>
<!-- Content staging END -->
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules>
<!--Removing inherited UrlRewriter and ScriptModule for when application is installed below MCO-->
<remove name="UrlRewriter" />
<remove name="ScriptModule" />
<add name="ScriptModule" preCondition="integratedMode" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<add name="XHtmlModule" type="CMS.CMSOutputFilter.OutputFilterModule, CMS.OutputFilter" />
</modules>
<handlers>
<!--Removing inherited ScriptHandlerFactory, ScriptHandlerFactoryAppServices and ScriptResource for when application is installed below MCO-->
<remove name="ScriptHandlerFactory" />
<remove name="ScriptHandlerFactoryAppServices" />
<remove name="ScriptResource" />
<remove name="WebServiceHandlerFactory-Integrated" />
<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<add name="MetaWeblogAPI" preCondition="integratedMode" verb="*" path="MetaWeblog.ashx" type="CMS.MetaWeblogProvider.MetaWeblogAPI, CMS.MetaWeblogProvider" />
</handlers>
</system.webServer>
</configuration>

Below is the method OnAuthentication from the class CustomSecurityHandler in the project CustomEventHandler. Everything has been correctly referenced(from the online documentation).

public override object OnAuthentication(object userInfo, string username, string password)
{
Authenticate auth = new Authenticate();
string message = String.Empty;
// assume the following method performs a authentication check based on logon/pword
Person p = auth.LogInUser(username, password, HttpContext.Current, out message);

// valid login
UserInfo user = null;
if (p != null && p.PersonID != 0)
{
user = new UserInfo();
PersonToUserInfo.BindData(user, p);
System.Web.Security.FormsAuthentication.RedirectFromLoginPage(username, true);
auth.RedirectAfterLogin(p, HttpContext.Current);

}
else
{
user = (UserInfo)userInfo;
}
return user;
}

Hopefully this will help clarify, sorry for the confusion. And thank you for all the help.

User avatar
Kentico Support
Kentico Support
kentico_jurajo - 9/10/2010 4:14:19 AM
   
RE:Forms AND Windows Authentication
Hi,

Thank you for the details.

Could you please set in the web.config file the authentication to be "Forms"? You are getting the error because the system tries to connect to the AD with this setting even with your custom security handler.

I would recommend to setup the mixed mode authentication with our Kentico login, and if everything will work fine, then I would apply the custom security handler.

Best regards,
Juraj Ondrus

User avatar
Member
Member
luana_r801@yahoo.com.au - 10/19/2010 1:42:04 AM
   
RE:Forms AND Windows Authentication
Hi Juraj,

I'm having a problem with Mixed Mode authentication

The code given in your documentaion as below:

http://devnet.kentico.com/docs/devguide/index.html?configuring_windows_authentication.htm

Does this code be added to the existing web.config file or do we remove the default code from the relevant sections and add the code above into those relevant sections??

Thanks and regards,
Luana.

User avatar
Member
Member
luana_r801@yahoo.com.au - 10/19/2010 2:22:04 AM
   
RE:Forms AND Windows Authentication
Hi,

This is my current web.config file. I would like to use the Mixed Mode Authentication.

<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<configSections>
<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=1.0.61025.0,

Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral,

PublicKeyToken=31bf3856ad364e35">
<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions,

Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication" />
<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=1.0.61025.0,

Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=1.0.61025.0,

Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="Everywhere" />
<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=1.0.61025.0,

Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication" />
<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions,

Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication" />
</sectionGroup>
</sectionGroup>
</sectionGroup>
<!-- Content staging BEGIN -->
<section name="microsoft.web.services3" type="Microsoft.Web.Services3.Configuration.WebServicesConfiguration, Microsoft.Web.Services3, Version=3.0.0.0,

Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<!-- Content staging END -->
</configSections>
<appSettings>
<add key="CMSProgrammingLanguage" value="C#" />
<add key="CMSTrialKey" value="CM04-20090730-b5XxFk" />
<add key="WS.webservice" value="http://localhost/WebService/webservice.asmx" />
<add key="CMSUseIFrameForHTMLEditorToolbar" value="true" />
<add key="CMSDefaultSpellCheckerCulture" value="en-US" />
<add key="CMSRenderGeneratorName" value="true" />
</appSettings>
<connectionStrings>
<clear />
<!-- <add name="CMSConnectionString" connectionString="Persist Security Info=False;Integrated Security=SSPI;database=CENWA;server=LUANA2;Current

Language=English;Connection Timeout=240;" /> /-->

<add name="CMSADConnectionString" connectionString="<LDAP://cathednet.wa.edu.au/DC=cathednet,DC=wa,DC=edu,DC=au>" />



</connectionStrings>
<system.web>
<pages validateRequest="false">
<controls>
<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral,

PublicKeyToken=31bf3856ad364e35" />
<add tagPrefix="ajaxToolkit" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral,

PublicKeyToken=31bf3856ad364e35" />
<add tagPrefix="ajaxToolkit" namespace="AjaxControlToolkit" assembly="AjaxControlToolkit" />
<add tagPrefix="cms" namespace="CMS.Controls" assembly="CMS.Controls" />
<add tagPrefix="cms" namespace="CMS.FormControls" assembly="CMS.FormControls" />
<add tagPrefix="cms" namespace="CMS.ExtendedControls" assembly="CMS.ExtendedControls" />
<add tagPrefix="cms" namespace="CMS.PortalControls" assembly="CMS.PortalControls" />
</controls>
<namespaces>
<add namespace="CMS.CMSHelper" />
<add namespace="CMS.GlobalHelper" />
</namespaces>
</pages>
<customErrors defaultRedirect="~/CMSMessages/error.aspx" mode="Off">
<error statusCode="404" redirect="~/CMSPages/handler404.aspx" />
</customErrors>
<authentication mode="Forms">
<forms loginUrl="CMSPages/logon.aspx" defaultUrl="Default.aspx" name=".ASPXFORMSAUTH" timeout="60000" slidingExpiration="true" />
</authentication>
<httpRuntime maxRequestLength="10000" />
<globalization requestEncoding="utf-8" responseEncoding="utf-8" culture="en-US" uiCulture="en-US" />
<membership defaultProvider="CMSProvider" userIsOnlineTimeWindow="30">
<providers>
<clear />
<add name="CMSProvider" type="CMS.MembershipProvider.CMSMembershipProvider" connectionStringName="CMSConnectionString"

enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" passwordFormat="Hashed" />

<add name="CMSADProvider" type="CMS.MembershipProvider.CMSADMembershipProvider" connectionStringName="CMSADConnectionString"

connectionUsername="cathednet\username" connectionPassword="password" />


</providers>
</membership>
<roleManager defaultProvider="CMSRoleProvider" enabled="true" cacheRolesInCookie="true" cookieName=".ASPROLES" cookieTimeout="30" cookiePath="/"

cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All">
<providers>
<clear />
<add name="CMSRoleProvider" type="CMS.MembershipProvider.CMSRoleProvider" connectionStringName="CMSConnectionString"

applicationName="SampleApplication" writeExceptionsToEventLog="false"/>

<add name="CMSADRoleProvider" type="CMS.MembershipProvider.CMSADRoleProvider" connectionStringName="CMSADConnectionString"

connectionUsername="cathednet\username" connectionPassword="password" />
</providers>
</roleManager>
<httpHandlers>
<remove verb="*" path="*.asmx" />
<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0,

Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions,

Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0,

Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false" />
</httpHandlers>
<httpModules>
<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral,

PublicKeyToken=31bf3856ad364e35" />
<add name="XHtmlModule" type="CMS.CMSOutputFilter.OutputFilterModule, CMS.OutputFilter" />
</httpModules>
<xhtmlConformance mode="Strict" />
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"

cookieless="false" timeout="20" />
<compilation debug="false" numRecompilesBeforeAppRestart="100">
<assemblies>
<add assembly="System.Management, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Security, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Configuration.Install, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<!-- <add assembly="System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Xml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/> -->
<add assembly="System.Web.Extensions.Design, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
<!-- Different programming languages BEGIN -->
<!--
<codeSubDirectories>
<add directoryName="CSCode"></add>
<add directoryName="VBCode"></add>
</codeSubDirectories>
-->
<!-- Different programming languages END -->
</compilation>
</system.web>
<!-- Windows authentication BEGIN -->

<!--

<location path="">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>

-->


<!-- Windows authentication END -->
<!-- Content staging BEGIN -->
<microsoft.web.services3>
<security>
<securityTokenManager>
<add type="CMS.Staging.WebServiceAuthorization" namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

localName="UsernameToken" />
</securityTokenManager>
<x509 allowTestRoot="true" verifyTrust="true" />
</security>
<policy fileName="wse3policy.config" />
<diagnostics>
<trace enabled="false" input="InputTrace.webinfo" output="OutputTrace.webinfo" />
</diagnostics>
</microsoft.web.services3>
<!-- Content staging END -->
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules>
<add name="ScriptModule" preCondition="integratedMode" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0,

Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<add name="XHtmlModule" type="CMS.CMSOutputFilter.OutputFilterModule, CMS.OutputFilter" />
</modules>
<handlers>
<remove name="WebServiceHandlerFactory-Integrated" />
<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory,

System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode"

type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler,

System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</handlers>
</system.webServer>
</configuration>

User avatar
Kentico Support
Kentico Support
kentico_jurajo - 11/4/2010 2:10:24 AM
   
RE:Forms AND Windows Authentication
Hi,
I will post here, just for other users reference what we have solved over the e-mails.

At first, the problem was in correct format of LDAP connection string and after this, we had to find correct format of the user name to be able to authenticate against the AD since there are three possible formats:

Domain\SAM (e.g. intranet\joe)
SAM account name (e.g. joe)
UPN (joe@intranet.mycompany.com)

In this case we had to use the last one.

Best regards,
Juraj Ondrus

User avatar
Member
Member
Inet Soultions - 11/24/2010 7:28:29 AM
   
RE:Forms AND Windows Authentication
It took us a while to figure out this simple solution for Forms AND Windows Authentication. Hopefully, this will help others:

We set one page to NOT allow anonymous access. If the browser is IE, I will redirect them and log them in. Took a while to make it this simple...

if (this.Session["DetectCred"] != "tested")
{
this.Session["DetectCred"] = "tested";
string authenticatedUser = null;
string user = Request.ServerVariables["LOGON_USER"];
if (user != null
&& user.Length > 0)
{

authenticatedUser = user.ToLower().Replace("domain\\", "");
UserInfo userInfo = UserInfoProvider.GetUserInfo(authenticatedUser);

if (userInfo != null)
{
System.Web.Security.FormsAuthentication.SetAuthCookie(userInfo.UserName, true);
CMS.CMSHelper.CMSContext.SetCurrentUser(new CurrentUserInfo(userInfo, true));
UserInfoProvider.SetPreferredCultures(userInfo);
}
}
}
UrlHelper.Redirect(ResolveUrl("~/home.aspx"));

User avatar
Member
Member
martinagency - 1/12/2011 9:15:23 AM
   
RE:Forms AND Windows Authentication
I'm getting the following message:

Configuration Error

Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: Unable to establish secure connection with the server

Source Error:


Line 57: <clear/>
Line 58: <add name="CMSProvider" type="CMS.MembershipProvider.CMSMembershipProvider" connectionStringName="CMSConnectionString" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" passwordFormat="Hashed"/>
Line 59: <add name="CMSADProvider" type="CMS.MembershipProvider.CMSADMembershipProvider" connectionStringName="CMSADConnectionString" connectionUsername="@ad.martinagency.com" connectionPassword="password" />
Line 60: </providers>
Line 61: </membership>

Any thoughts?

User avatar
Kentico Support
Kentico Support
kentico_jurajo - 1/13/2011 1:16:23 AM
   
RE:Forms AND Windows Authentication
Hi,

Could you please confirm that you are able to login to the AD server using the credentials used in the connection string?

Also, is the machine where are you setting this up connected to the domain controller and is that machine part of the domain?

Best regards,
Juraj Ondrus

User avatar
Member
Member
Gomolov - 4/21/2011 8:05:13 AM
   
RE:Forms AND Windows Authentication
I stop at the same point & same error as in martinagency last post.
Could you be so kind continue topic? I need it!

Could you please confirm that you are able to login to the AD server using the credentials used in the connection string?

Yes, BUT it was tested by ldp.exe utility.
Also, is the machine where are you setting this up connected to the domain controller and is that machine part of the domain?

Connected, but it in DMZ zone and not in domain.

User avatar
Kentico Support
Kentico Support
kentico_jurajo - 4/21/2011 3:09:22 PM
   
RE:Forms AND Windows Authentication
Hi,

Are you able to connect to the active directory and the domain controller server from the server in DMZ? Are there any firewalls in the way?

Best regards,
Juraj Ondrus