November Happy Hour will be moved to Thursday December 5th.

AI OnAI Off

ActiveDirectoryRoleProvider and ActiveDirectoryMembershipProvider issues

Vote:
 

I need to use LDAP authentication for EPiServer, but I'm having issues.  The Windows(Role|Membership)Provider(s) work great, but as soon as I swap to the active directory versions, when I try to log in to CMS admin, my username/password is accepted (I'm authenticated), but I'm immediately directed back to the login (which I assume means the system thinks I am not authorized).

I found the following blog post.  Can anyone tell me if this is still true of CMS7?  Do I have to strip the domain from the membership provider in order to get an LDAP solution to work?

http://blog.tomstenius.com/2010/08/active-directory-membership-and-role.html

 

My connection settings for the role/membership providers are exactly the same.  I'm using attributeMapUsername="sAMAccountName". What else do I look for?  

#71808
May 29, 2013 18:01
Vote:
 

After spending all day on this, it seems that the windows providers allow you to specify groups with the domain prefix (eg, MyDomain\MyGroup)... where the AD providers seem to just expect the group name.  I found it by accident.  Replacing all of MyDomain\MyGroup with simply MyGroup in web.config seems to have allowed the basic CMS security to work.  

 

Next, on to Community....

#71822
May 29, 2013 23:15
Johan Book
Johan Book
Vote:
 

You can actually specify groups without prefix also with the Windows provider, given that you make use of the deletePrefix attribute on the membership provider :)

#71823
May 30, 2013 0:25
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.