Get Support Now    |     Purchase Support Hours    |     Contact Us
  Search
10 Simple Things that make any DNN site better

Get our PDF tutorial "10 Things" we think will make lots of DNN sites better. Its a great list that includes "how we do it" for all 10!

Email:

Get DotNetNuke Support
Guaranteed DNN help

Guaranteed? You bet! If you're not happy with our work give Don Bishop a call at 717.718.1208 x101. If we can't remedy the situation we'll refund your money.  It’s that simple. Guaranteed!

Need Support Right Now?
If you want to contact us immediately, give us a call.

717.718.1208

DotNetNuke Active Directory Fix IIS7.x with Integrated Pipeline

Posted By: Jon Sheely on 04/13/2011

The Goal

Login using Active Directory Authentication with IIS 7.x using .NET 4.0 and the Intregrated Pipeline.

The Problem

Documentation dictates that you can't use IIS7 with Integrated Pipeline and you must switch to a Classic Application pool. If you try you will get redirect loops and constant user switching between login and logout states.

Step 1

Add the Active Directory Authentication Module to the System.WebServer module section of the web.config

<add name="Authentication" type="DotNetNuke.Authentication.ActiveDirectory.HttpModules.AuthenticationModule,  DotNetNuke.Authentication.ActiveDirectory" preCondition="managedHandler" />

Step 2

The code just needed modified in the AuthenticationModule.vb handler

  1. Removed checks for if the server is using IIS7. Line: 84-86
  2. Removed the check for Hosting Permission Leveling (Although I'm sure this could be put back). Line: 87-90
  3. Changed the Response.Redirect on the AuthStatus=AuthenticationStatus.Undefined If statement to a HttpContext.Current.Server.Transfer(url) . Line: 121

The Server.Transfer stops the authentication module from getting stuck in a redirect loop where the cookie is not read properly when obtaining the current status of the login process.

My Configuration

Now with these tweaks enabled you simply need to follow the standard installation guide to enable Windows Authentication security and configure your site as a trusted site.

What you can now do with this module fully functioning.

  • Login automatically with active directory authentication
  • Log out (3 minutes logout duration before you are automatically logged in again.)
  • Login as a standard DNN user. aka Host User

You are now 1 step closer to single sign-on bliss.

 

 

Comments
Ash Prasad Says:
This issue is (should be) fixed in the upcoming AD provider (currently under beta). Can you please help test and verify? http://dnnauthad.codeplex.com/workitem/5018
Posted By: Ash Prasad on 4/14/2011 1:41:25 PM
Mike Horton Says:
Hi Jon

What happens with your provider if you run it under the .NET 2.0 framework? Does it still work then?
Posted By: Mike Horton on 4/14/2011 2:01:57 PM
Jon Sheely Says:
Ash,

Thank you for the update. I will definitely test the new version and look forward to out of the box support for the IIS 7.x and the integrated pipeline.

Jon
Posted By: Jon Sheely on 4/14/2011 2:05:03 PM
Jon Sheely Says:
Mike,

Good question. I have not tested it myself but nothing jumps out at me as to why it shouldn't work with .net 2.0. Mainly the code changes were to remove the checks to stop it from invaliding against IIS7 and to obviously add it section for IIS7.

The only code change that would effect both versions would be the use of the HttpContext.Current.Server.Transfer(url) function. I don't see any reason why this shouldn't respond the same for both but I have not confirmed.

Jon
Posted By: Jon Sheely on 4/14/2011 2:10:13 PM
Mike Horton Says:
Jon

When IIS7 came out the provider would not work under the integrated pipeline which is why the checks were put in. I was in contact with Mike Volodarsky who was the project manager for IIS 7 about it and they actively blocked having both Forms and Windows Authentication on the same pages. He came up with a work around but I never got it implemented until the pending release. More information about the work around can be found here.... http://mvolo.com/blogs/serverside/archive/2008/02/11/IIS-7.0-Two_2D00_Level-Authentication-with-Forms-Authentication-and-Windows-Authentication.aspx.

That said, I intend to do some testing with your changes against both .NET 2.0 and .NET 4. There are a couple of other areas where the code checks against IIS7 but I can't remember them off the top of my head. We may end up having to release two versions of the provider (one for .NET 4 and one for .NET 2).
Posted By: Mike Horton on 4/15/2011 12:26:56 AM
The North Face Canada Says:
Asked about the Republican race The North Face Canada Outlet
Posted By: The North Face Canada on 12/15/2011 2:55:01 AM
Adidas Wing Shoes Says:
A release is set for later this month at atmos.Jeremy Scott Adidas
Posted By: Adidas Wing Shoes on 2/19/2012 10:41:36 PM
Your Name:
Your eMail Address:
Your Comment:
CAPTCHA image
Enter the code shown above in the box below
Post Comment

Contact Spiffy For DNN Support!

If you need DotNetNuke support contact us to talk about your site. No obligation!  Click here to get DNN support now. 

Spiffy Web Team
4 Kent Rd Ste. 200
York, PA 17402		 Phone: 717.718.1208
Toll Free: 800.932.3380
Fax: 717.600.2341

Follow Spiffy!

Follow us on Twitter, Facebook and YouTube to get updates when we post great new blog entries and new videos that can help you learn about DotNetNuke! We also throw in a few great downloads and specials offers ever now and then too, there's no downside!

            

Copyright 2009-2011 Affinigent, Inc.
Site Map    |     Terms of Service    |     Link to Us    |     Homepage    |     Mobile Site    |     Login
Follow Us on Facebook, Twitter and You Tube