How do I set up my web.config to use Forms authentication, set the membership provider to ActiveDirectoryMembershipProvider, and use the built-in Login control, so that I can log into my web application using a valid Active Directory username and password?
Check out this walkthrough for the ActiveDirectoryMembershipProvider.
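The configuration asked about above, as an added example (it is not taken from the linked walkthrough or from the original answer). The LDAP host and container, the provider and cookie names, and Login.aspx are placeholders to replace with your own values.

```xml
<?xml version="1.0"?>
<configuration>
  <connectionStrings>
    <!-- Placeholder host and container: point this at your own domain. -->
    <add name="ADConnectionString"
         connectionString="LDAP://dc01.corp.example.com/DC=corp,DC=example,DC=com" />
  </connectionStrings>
  <system.web>
    <!-- Forms authentication: unauthenticated requests are redirected to
         the page hosting the built-in asp:Login control. requireSSL keeps
         the ticket cookie off plain HTTP; protection="All" encrypts and
         validates the ticket. -->
    <authentication mode="Forms">
      <forms name=".ADAuthCookie"
             loginUrl="~/Login.aspx"
             timeout="20"
             slidingExpiration="true"
             requireSSL="true"
             protection="All" />
    </authentication>
    <authorization>
      <deny users="?" />   <!-- anonymous users are rejected -->
      <allow users="*" />  <!-- any authenticated user is allowed -->
    </authorization>
    <!-- The Login control validates against the default membership
         provider, so no code-behind is needed for the credential check. -->
    <membership defaultProvider="ADMembershipProvider">
      <providers>
        <clear />
        <!-- connectionProtection="Secure" has the provider bind over SSL or
             signing and sealing; "None" would send the bind in the clear.
             attributeMapUsername="sAMAccountName" lets users type the short
             logon name; the default is userPrincipalName (user@domain).
             connectionUsername and connectionPassword are left out on
             purpose: the bind then runs as the application pool identity,
             which keeps a service-account password out of this file. -->
        <add name="ADMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADConnectionString"
             connectionProtection="Secure"
             attributeMapUsername="sAMAccountName" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

The Version in the type attribute matches .NET Framework 4.x; an application targeting 2.0 or 3.5 uses Version=2.0.0.0 with the token b03f5f7f11d50a3a unchanged.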
Related
We have created a website that is using GeoServer and Openlayers to create a mapping tool for some users. The app allows the users to add layers in GeoServer and these are presented in the web app for other users to consume.
We want the website to use the company Azure Active Directory to allow the users to have access. We have tried using the OAuth2 (Google one) and LDAP plugins for GeoServer to try to connect to Azure AD; however, we can't get it to authenticate.
Is there a plugin for GeoServer to Azure AD, or is there another plugin we can use instead?
Any help on the settings that are needed as well would also be helpful.
You can use a proxy to authenticate against AAD using OIDC and set the authenticated user in an HTTP header to use Header Authentication.
You can configure GeoServer to use the built-in role service if you need AAD authentication only.
If you want to use AAD groups as roles in GeoServer, you can make AAD groups role claims in the token, and in the proxy you can add these role claims in another header and configure GeoServer to accept those roles.
I want to use Mixed mode authentication in my application.
I want Windows AD Authentication for intranet users and Forms authentication for internet users.
How can I configure this?
Check out the Kentico documentation for Mixed Mode Authentication.
Essentially you will:
Determine if you want to import AD roles or not (web.config key)
Add an LDAP connection string to your web.config
Modify the membership and roleManager elements under the configuration/system.web section in your web.config to use the AD connection string and provider
Map the username field
It's not a hard setup really and much easier if you don't have users already in the Kentico system. If the username already exists in Kentico, the user will NOT be imported into Kentico from AD.
I am using Identity Server for implementing single sign-on and access control. Currently I am using internal (in DB), OpenID and Google for single sign-on and access control. We have a requirement to use Windows Azure AD users for the same. Is it possible to authenticate with Azure AD using Identity Server, and would I be able to update roles and claims on Azure Active Directory?
I have found one solution, i.e. Graph API, but it is not part of Identity Server (https://identityserver.github.io).
Thanks in Advance.
If you are using IdentityServer 3, then WS-Federation can be used for authentication and roles. You can use the following two links to understand it more.
For WS-Federation authentication:
http://nzpcmad.blogspot.in/2015/12/identityserver-aspnet-mvc-application_7.html
For creating roles for the users:
http://www.dushyantgill.com/blog/2014/12/10/roles-based-access-control-in-cloud-applications-using-azure-ad/
However, if you also want to update the user information, you have to use the Graph API.
You need to add Azure Active Directory authentication middleware to your application pipeline at your STS server for Azure Active Directory, with all required standard properties.
I have a web application using Windows authentication. I also want to authenticate non-domain users against AD. Can I have domain members enter the site directly, and non-members enter their domain username and password?
How can I do this?
It is possible to do this but you probably want to have 2 distinct web applications running accessing a similar set of application code.
Web application 1 is configured to use Windows authentication.
Web application 2 is configured to use Forms authentication. You need to have some additional code in this application which allows a user to authenticate themselves using LDAP against Active Directory. This code is placed in an authentication provider if you use ASP.NET.
Assuming you're using ASP.NET, you can write a custom provider that first auths against your AD, then a non-AD store.
Or you can use multiple providers, ActiveDirectoryMembershipProvider and then for example SqlMembershipProvider.
I have created an authentication provider and went to Central Administration >> Authentication Providers and changed the authentication settings to Forms and filled in the Membership provider and Role manager details.
Now, when I go to create a site collection under the above-mentioned web application, the people picker in the Create Site Collection page still refers to Active Directory (Central Admin has Windows authentication).
Can anyone explain this behaviour?
I actually expected the People picker in the Create site collection page to refer to the Forms database rather than active directory.
Thanks
In the web.config for your web app, you need to change the value in the <PeoplePickerWildcards> node. Change the key to your membership provider.
You need to add the configuration information for the membership provider to the web.config file for Central Administration. This will allow Central Admin to find users from both AD and your own membership. There are examples on TechNet for a SQL Server and an LDAP membership provider. Note how it mentions that the membership provider info needs to be added to both the web app's web.config and to Central Admin's. If you're using a Role Manager though, don't put that info in the Central Admin web.config, or at least not unless you really know what you're doing and why. :)
Once you do this, the people picker should be able to find people from your FBA solution's membership provider. One little caveat if you happen to be using the same AD store (or some kind of replica) for both Windows auth and LDAP auth: you'll need to use the "prefix" of your membership provider name when specifying the user, otherwise the people picker will always look up the native AD version of that user. For example, looking up "jdoe" will always find "domain\jdoe" first. If you want jdoe from an LDAP provider pointing at that AD, you'll have to explicitly put in "ldap:jdoe" (substituting whatever you called your membership provider in the web.config for "ldap").