Don't miss out Virtual Happy Hour this Friday (April 26).

Try our conversational search powered by Generative AI!

AI OnAI Off

Multiplexing Two Active Directories

tdespenza@inwk.com
tdespenza@inwk.com
Vote:
 

I've set up multiplexing for both internal and external ADs. I'm able to sign in as it does authenticate against both directories but it only pulls the groups from first AD provider and not the second. I've seen post http://world.episerver.com/Blogs/Anders-Hattestad/Dates/2010/12/Multiplexing-providers/ but that did not seem to fix my problem.

This is my current configuration:

MultiplexingRoleProvider

<add name="MultiplexingRoleProvider" type="W2P.Xavier.Core.Infrastructure.Security.MultiplexingRoleProvider, W2P.Xavier.Core" provider1="ActiveDirectoryExternalRoleProvider" provider2="ActiveDirectoryInternalRoleProvider" provider3="CMSRoleProvider" providerMap1="ActiveDirectoryExternalMembershipProvider" providerMap2="ActiveDirectoryInternalMembershipProvider" providerMap3="CMSMembershipProvider" />

MultiplexingRoleProvider

<add name="MultiplexingRoleProvider" type="W2P.Xavier.Core.Infrastructure.Security.MultiplexingRoleProvider, W2P.Xavier.Core" provider1="ActiveDirectoryExternalRoleProvider" provider2="ActiveDirectoryInternalRoleProvider" provider3="CMSRoleProvider" providerMap1="ActiveDirectoryExternalMembershipProvider" providerMap2="ActiveDirectoryInternalMembershipProvider" providerMap3="CMSMembershipProvider" />

There was also something in this post (http://blog.tomstenius.com/2009_04_01_archive.html) about using the roleToSynchronizeX attribute. I see it in the default web.config of a different commented out multiplexing tag. It doesn't look like it will solve my problem but what's the purpose of that attribute?

 

#61056
Sep 05, 2012 17:51
Vote:
 

The roleToSynchronize attribute is only valid if you have EPiServer Mail or Community installed I believe.

 

#61058
Sep 05, 2012 18:33
tdespenza@inwk.com
tdespenza@inwk.com
Vote:
 

Sorry about that. I posted the wrong configurations

MultiplexingRoleProvider

<add name="MultiplexingRoleProvider" type="W2P.Xavier.Core.Infrastructure.Security.MultiplexingRoleProvider, W2P.Xavier.Core" provider1="ActiveDirectoryExternalRoleProvider" provider2="ActiveDirectoryInternalRoleProvider" providerMap1="ActiveDirectoryExternalMembershipProvider" providerMap2="ActiveDirectoryInternalMembershipProvider" />

MultiplexingMembershipProvider

<add name="MultiplexingMembershipProvider" type="W2P.Xavier.Core.Infrastructure.Security.MultiplexingMembershipProvider, W2P.Xavier.Core" provider1="ActiveDirectoryExternalMembershipProvider" provider2="ActiveDirectoryInternalMembershipProvider"/>

#61061
Edited, Sep 05, 2012 20:11
Vote:
 

I'd recommend debugging and stepping through W2P.Xavier.Core.Infrastructure.Security.MultiplexingMembershipProvider if you have the possibility.

Add some logging to see what's going on if you can't setup debugging in a valid environment.

#61071
Sep 06, 2012 9:22
tdespenza@inwk.com
tdespenza@inwk.com
Vote:
 

Yes I have done that but I don't see where the groups are being pulled from. I've been working on this for weeks and still haven't found a solution. I'm looking for someone to point me in the right direction, if possible.

#61082
Sep 06, 2012 14:45
Stephan Lonntorp
Stephan Lonntorp
Vote:
 

How have you configured the individual providers? If you use them stand-alone, do they work then?

 

I'm using multiplexing to several different directories, and I have no problems there. One thing to know, depending on how your directory is structured, is that the membership provider may need access to the roles branch, if they are configured in a very granular manner.

#61084
Sep 06, 2012 15:18
tdespenza@inwk.com
tdespenza@inwk.com
Vote:
 

Here's my current configuration:

<membership defaultProvider="MultiplexingMembershipProvider" userIsOnlineTimeWindow="10">
<providers>
<clear />

<add name="MultiplexingMembershipProvider" type="W2P.Xavier.Core.Infrastructure.Security.MultiplexingMembershipProvider, W2P.Xavier.Core" provider1="ActiveDirectoryExternalMembershipProvider" provider2="ActiveDirectoryInternalMembershipProvider"/>

<add name="ActiveDirectoryInternalMembershipProvider"
type="W2P.Xavier.Core.Infrastructure.Security.CustomADProvider"
connectionStringName="ActiveDirectoryInternalConnection"
connectionUsername="[username]"
connectionPassword="[password]"
connectionProtection="None"
enableSearchMethods="true"
attributeMapUsername="sAMAccountName" />

<add name="ActiveDirectoryExternalMembershipProvider"
type="W2P.Xavier.Core.Infrastructure.Security.CustomADProvider"
connectionStringName="ActiveDirectoryExternalConnection"
connectionUsername="[username]"
connectionPassword="[password]"
connectionProtection="None"
enableSearchMethods="true"
attributeMapUsername="sAMAccountName" />

</providers>
</membership>

<roleManager enabled="true" defaultProvider="MultiplexingRoleProvider" cacheRolesInCookie="true">
<providers>
<clear />

<add name="MultiplexingRoleProvider" type="W2P.Xavier.Core.Infrastructure.Security.MultiplexingRoleProvider, W2P.Xavier.Core" provider1="ActiveDirectoryExternalRoleProvider" provider2="ActiveDirectoryInternalRoleProvider" providerMap1="ActiveDirectoryExternalMembershipProvider" providerMap2="ActiveDirectoryInternalMembershipProvider" />

<add name="ActiveDirectoryInternalRoleProvider"
type="EPiServer.Security.ActiveDirectoryRoleProvider, EPiServer"
connectionStringName="ActiveDirectoryInternalConnection"
connectionUsername="[username]"
connectionPassword="[password]"
attributeMapUsername="sAMAccountName" />

<add name="ActiveDirectoryExternalRoleProvider"
type="EPiServer.Security.ActiveDirectoryRoleProvider, EPiServer"
connectionStringName="ActiveDirectoryExternalConnection"
connectionUsername="[username]"
connectionPassword="[password]"
attributeMapUsername="sAMAccountName" />


</providers>
</roleManager>

And yes, individually they work fine.

#61085
Sep 06, 2012 15:32
Stephan Lonntorp
Stephan Lonntorp
Vote:
 

If they work individually, then my money is on your multiplexing implementation, have you tried stepping through what happens when a call is made to GetAllRoles for instance?

#61087
Sep 06, 2012 15:55
tdespenza@inwk.com
tdespenza@inwk.com
Vote:
 

If I use EPiServer.Security.MultiplexingRoleProvider, I get the same results. And yes I have stepped through the GetAllRoles method but I don't see where the roles are in the object.

#61088
Sep 06, 2012 16:01
Stephan Lonntorp
Stephan Lonntorp
Vote:
 

What I've don is iterating over all the configured providers, and getting the roles from each and every one of them, and finally returning the distinct collection of roles in the configured providers.

 

I don't know how well this would translate to your requirements, but it works for me.

#61089
Sep 06, 2012 16:07
tdespenza@inwk.com
tdespenza@inwk.com
Vote:
 

That's excatly what I've done but I now see that the roles are the same from both directories which should not be. It looks like it may be something with the implementation code after all. Thank you guys for all your help.

#61098
Sep 06, 2012 21:03
Stephan Lonntorp
Stephan Lonntorp
Vote:
 

Did you fix your problem?

#61191
Sep 11, 2012 14:38
tdespenza@inwk.com
tdespenza@inwk.com
Vote:
 

Yes. We had found out that there was caching underneath and disabled it.

#61193
Sep 11, 2012 14:41
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.