Multiplexing Two Active Directories

I've set up multiplexing for both internal and external ADs. I'm able to sign in, as it does authenticate against both directories, but it only pulls the groups from the first AD provider and not the second. I've seen the post http://world.episerver.com/Blogs/Anders-Hattestad/Dates/2010/12/Multiplexing-providers/ but that did not seem to fix my problem.

This is my current configuration:

MultiplexingRoleProvider

<add name="MultiplexingRoleProvider" type="W2P.Xavier.Core.Infrastructure.Security.MultiplexingRoleProvider, W2P.Xavier.Core" provider1="ActiveDirectoryExternalRoleProvider" provider2="ActiveDirectoryInternalRoleProvider" provider3="CMSRoleProvider" providerMap1="ActiveDirectoryExternalMembershipProvider" providerMap2="ActiveDirectoryInternalMembershipProvider" providerMap3="CMSMembershipProvider" />

MultiplexingRoleProvider

<add name="MultiplexingRoleProvider" type="W2P.Xavier.Core.Infrastructure.Security.MultiplexingRoleProvider, W2P.Xavier.Core" provider1="ActiveDirectoryExternalRoleProvider" provider2="ActiveDirectoryInternalRoleProvider" provider3="CMSRoleProvider" providerMap1="ActiveDirectoryExternalMembershipProvider" providerMap2="ActiveDirectoryInternalMembershipProvider" providerMap3="CMSMembershipProvider" />

There was also something in this post (http://blog.tomstenius.com/2009_04_01_archive.html) about using the roleToSynchronizeX attribute. I see it in the default web.config, in a different, commented-out multiplexing tag. It doesn't look like it will solve my problem, but what's the purpose of that attribute?

#61056
Sep 05, 2012 17:51

The roleToSynchronize attribute is only valid if you have EPiServer Mail or Community installed, I believe.

#61058
Sep 05, 2012 18:33

Sorry about that. I posted the wrong configurations.

MultiplexingRoleProvider

<add name="MultiplexingRoleProvider" type="W2P.Xavier.Core.Infrastructure.Security.MultiplexingRoleProvider, W2P.Xavier.Core" provider1="ActiveDirectoryExternalRoleProvider" provider2="ActiveDirectoryInternalRoleProvider" providerMap1="ActiveDirectoryExternalMembershipProvider" providerMap2="ActiveDirectoryInternalMembershipProvider" />

MultiplexingMembershipProvider

<add name="MultiplexingMembershipProvider" type="W2P.Xavier.Core.Infrastructure.Security.MultiplexingMembershipProvider, W2P.Xavier.Core" provider1="ActiveDirectoryExternalMembershipProvider" provider2="ActiveDirectoryInternalMembershipProvider"/>

#61061
Edited, Sep 05, 2012 20:11

I'd recommend debugging and stepping through W2P.Xavier.Core.Infrastructure.Security.MultiplexingMembershipProvider if you have the possibility.

Add some logging to see what's going on if you can't set up debugging in a valid environment.

#61071
Sep 06, 2012 9:22

Yes I have done that but I don't see where the groups are being pulled from. I've been working on this for weeks and still haven't found a solution. I'm looking for someone to point me in the right direction, if possible.

#61082
Sep 06, 2012 14:45

How have you configured the individual providers? If you use them stand-alone, do they work then?

 

I'm using multiplexing to several different directories, and I have no problems there. One thing to know, depending on how your directory is structured, is that the membership provider may need access to the roles branch, if they are configured in a very granular manner.

#61084
Sep 06, 2012 15:18

Here's my current configuration:

<membership defaultProvider="MultiplexingMembershipProvider" userIsOnlineTimeWindow="10">
  <providers>
    <clear />

    <add name="MultiplexingMembershipProvider" type="W2P.Xavier.Core.Infrastructure.Security.MultiplexingMembershipProvider, W2P.Xavier.Core" provider1="ActiveDirectoryExternalMembershipProvider" provider2="ActiveDirectoryInternalMembershipProvider"/>

    <add name="ActiveDirectoryInternalMembershipProvider"
         type="W2P.Xavier.Core.Infrastructure.Security.CustomADProvider"
         connectionStringName="ActiveDirectoryInternalConnection"
         connectionUsername="[username]"
         connectionPassword="[password]"
         connectionProtection="None"
         enableSearchMethods="true"
         attributeMapUsername="sAMAccountName" />

    <add name="ActiveDirectoryExternalMembershipProvider"
         type="W2P.Xavier.Core.Infrastructure.Security.CustomADProvider"
         connectionStringName="ActiveDirectoryExternalConnection"
         connectionUsername="[username]"
         connectionPassword="[password]"
         connectionProtection="None"
         enableSearchMethods="true"
         attributeMapUsername="sAMAccountName" />

  </providers>
</membership>

<roleManager enabled="true" defaultProvider="MultiplexingRoleProvider" cacheRolesInCookie="true">
  <providers>
    <clear />

    <add name="MultiplexingRoleProvider" type="W2P.Xavier.Core.Infrastructure.Security.MultiplexingRoleProvider, W2P.Xavier.Core" provider1="ActiveDirectoryExternalRoleProvider" provider2="ActiveDirectoryInternalRoleProvider" providerMap1="ActiveDirectoryExternalMembershipProvider" providerMap2="ActiveDirectoryInternalMembershipProvider" />

    <add name="ActiveDirectoryInternalRoleProvider"
         type="EPiServer.Security.ActiveDirectoryRoleProvider, EPiServer"
         connectionStringName="ActiveDirectoryInternalConnection"
         connectionUsername="[username]"
         connectionPassword="[password]"
         attributeMapUsername="sAMAccountName" />

    <add name="ActiveDirectoryExternalRoleProvider"
         type="EPiServer.Security.ActiveDirectoryRoleProvider, EPiServer"
         connectionStringName="ActiveDirectoryExternalConnection"
         connectionUsername="[username]"
         connectionPassword="[password]"
         attributeMapUsername="sAMAccountName" />

  </providers>
</roleManager>

And yes, individually they work fine.

#61085
Sep 06, 2012 15:32

If they work individually, then my money is on your multiplexing implementation. Have you tried stepping through what happens when a call is made to GetAllRoles, for instance?

#61087
Sep 06, 2012 15:55

If I use EPiServer.Security.MultiplexingRoleProvider, I get the same results. And yes I have stepped through the GetAllRoles method but I don't see where the roles are in the object.

#61088
Sep 06, 2012 16:01

What I've done is iterate over all the configured providers, get the roles from each and every one of them, and finally return the distinct collection of roles in the configured providers.

I don't know how well this would translate to your requirements, but it works for me.

#61089
Sep 06, 2012 16:07

That's exactly what I've done, but I now see that the roles are the same from both directories, which should not be. It looks like it may be something with the implementation code after all. Thank you guys for all your help.

#61098
Sep 06, 2012 21:03

Did you fix your problem?

#61191
Sep 11, 2012 14:38

Yes. We had found out that there was caching underneath and disabled it.

#61193
Sep 11, 2012 14:41
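
Added example, not part of the thread and not the W2P or EPiServer code: one way to run the merge described above (iterate the configured role providers, return the distinct roles) while keeping each provider's answer separate, so that two directories returning identical roles, the symptom traced to caching in this thread, shows up directly. The class and method names are hypothetical; the provider names passed in are assumed to be the ones from the posted roleManager section.

```csharp
// Added example (hypothetical helper, not from the thread).
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Security;

public static class RoleMergeDiagnostics
{
    // Ask each named role provider for the user's roles and keep the answers
    // separate, so a provider that echoes another provider's data is visible.
    public static IDictionary<string, string[]> RolesPerProvider(
        IEnumerable<string> providerNames, string username)
    {
        var result = new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase);
        foreach (var name in providerNames)
        {
            RoleProvider provider = Roles.Providers[name]; // null if not configured
            if (provider == null)
                throw new InvalidOperationException("Role provider not configured: " + name);
            result[name] = provider.GetRolesForUser(username) ?? new string[0];
        }
        return result;
    }

    // The merge described in the thread: distinct union over all providers.
    // Assumption: role (group) names are compared case-insensitively.
    public static string[] Merge(IDictionary<string, string[]> perProvider)
    {
        return perProvider.Values
            .SelectMany(roles => roles)
            .Distinct(StringComparer.OrdinalIgnoreCase)
            .ToArray();
    }

    // Pairs of providers whose non-empty answers are identical. Two separate
    // directories agreeing exactly is worth checking for a shared cache.
    public static IEnumerable<Tuple<string, string>> IdenticalAnswers(
        IDictionary<string, string[]> perProvider)
    {
        var names = perProvider.Keys.ToList();
        for (int i = 0; i < names.Count; i++)
            for (int j = i + 1; j < names.Count; j++)
            {
                var first = new HashSet<string>(perProvider[names[i]], StringComparer.OrdinalIgnoreCase);
                if (first.Count > 0 && first.SetEquals(perProvider[names[j]]))
                    yield return Tuple.Create(names[i], names[j]);
            }
    }
}
```

Logging the output of IdenticalAnswers for a user who exists in only one directory is a quick check that authorization decisions are not being made on another directory's group list.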
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.