
denis

MonoX Active Directory integration

02/21/2011, Categories: MonoX

MonoX can be easily integrated with Active Directory for authorization and authentication tasks. In this scenario no user or role management takes place within the portal itself. Authentication is performed via Windows authentication and authorization is based on user membership in Active Directory groups. 

The MonoX web.config comes with predefined connection strings and configuration settings for the Active Directory role and membership providers. Note that Microsoft ships only an ActiveDirectoryMembershipProvider, which handles authentication against AD stores. MonoX introduces a custom ActiveDirectoryRoleProvider that retrieves all AD roles. The AD roles have to be present in the portal database so that referential integrity constraints are satisfied; all role synchronization tasks are performed by the provider, without user intervention.

To turn the AD provider ON:

1. Put the AD server, username and password info in this tag:

<ActiveDirectoryConfiguration server="myserver.domain.name" username="MyUsername" password="MyPassword" />

2. Fill in the connection string information:

<add name="ADConnectionString" connectionString="LDAP://myserver.domain.name" />

The connection string to the Active Directory user store is in the following format:

LDAP://server/userdn

Where:
server is the name (or IP address) of the server that is hosting the directory.
userdn is the distinguished name (DN) of the Active Directory user store. This consists of /CN=Users which is the user store container name, followed by the partition, which is derived from the fully qualified domain name.

For example, if your domain is called domain.testing.com, the connection string is LDAP://domain.testing.com/CN=Users,DC=domain,DC=testing,DC=com. Note that we have also had success with strings that omit the CN and DC parts: LDAP://domain.testing.com
More info: http://msdn.microsoft.com/en-us/library/ff648345.aspx

3. Uncomment the following section:

<add name="ActiveDirectoryMembershipProvider" type="MonoSoftware.MonoX.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" applicationName="MonoX" connectionUsername="MyUsername@mydomain" connectionPassword="MyPassword" />

and change the default membership provider:

<membership defaultProvider="ActiveDirectoryMembershipProvider" hashAlgorithmType="SHA1">

4. Uncomment the following section:

<add applicationName="MonoX" name="ActiveDirectoryRoleProvider" type="MonoSoftware.MonoX.ActiveDirectoryRoleProvider" connectionStringName="ADConnectionString" groupMode="Additive" groupsToUse="" groupsToIgnore="" usersToIgnore=""  sqlConnectionStringName="" cacheTime="1800" domainName="domain.name" userName="MyUsername@mydomain" password="MyPassword" />

and change the default role provider:

<roleManager enabled="true" defaultProvider="ActiveDirectoryRoleProvider">

Note that you don’t have to change the authentication type; it keeps the default value, “Forms”. Now, when you go to the login screen, MonoX should contact the AD server and authenticate users against its store. All user roles will be visible in the admin panels for administration purposes, but they are NOT managed inside MonoX; everything is dynamically synchronized with the AD store.
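The four steps above assembled into one set of web.config snippets, as an added example that is not MonoX project code. The element and attribute names are exactly the ones the steps show; the domain monoxexample.lan, the service account monoxservice and the password are constructed sample values, and the assumption that the FQDN is what goes into domainName is mine. The snippets are built with ElementTree so that characters which are special in XML attributes (&, <, ") are escaped for you, and check_config confirms the providers reference the connection string by the same name. ldap_path also carries through the LDAP://server/userdn derivation from the section above.

```python
"""Assemble the MonoX Active Directory provider settings for web.config.

Added example, not MonoX project code. Element and attribute names follow
the post; domain, server, account and password values are constructed.
"""
from typing import Dict, List, Optional
import xml.etree.ElementTree as ET


def ldap_path(domain: str, server: Optional[str] = None,
              include_user_container: bool = True) -> str:
    """Derive the LDAP://server/userdn connection string from a domain FQDN.

    The partition comes from the FQDN labels (domain.testing.com gives
    DC=domain,DC=testing,DC=com). The post notes that the short form without
    the CN/DC parts also works; include_user_container=False returns it.
    """
    labels = [label for label in domain.strip().lower().split(".") if label]
    if not labels:
        raise ValueError("domain name must not be empty")
    host = (server or domain).strip()
    if not include_user_container:
        return "LDAP://" + host
    partition = ",".join("DC=" + label for label in labels)
    return "LDAP://%s/CN=Users,%s" % (host, partition)


def _element(tag: str, attrs: Dict[str, str]) -> str:
    """Serialize one self-closing element; ElementTree escapes the values."""
    return ET.tostring(ET.Element(tag, attrs), encoding="unicode")


def read_attribute(snippet: str, name: str) -> Optional[str]:
    """Parse a generated snippet back and return one attribute (round trip)."""
    return ET.fromstring(snippet).get(name)


def build_ad_config(domain: str, username: str, password: str,
                    server: Optional[str] = None, cache_time: int = 1800,
                    short_connection_string: bool = True) -> Dict[str, str]:
    """Return the snippets for steps 1-4, keyed by where each one belongs."""
    server = server or domain
    upn = "%s@%s" % (username, domain)  # user@domain form, as in the post
    connection = ldap_path(domain, server,
                           include_user_container=not short_connection_string)
    return {
        # step 1: the <ActiveDirectoryConfiguration ... /> tag
        "ActiveDirectoryConfiguration": _element("ActiveDirectoryConfiguration", {
            "server": server, "username": username, "password": password}),
        # step 2: goes inside <connectionStrings>
        "connectionString": _element("add", {
            "name": "ADConnectionString", "connectionString": connection}),
        # step 3: goes inside <membership><providers>
        "membershipProvider": _element("add", {
            "name": "ActiveDirectoryMembershipProvider",
            "type": "MonoSoftware.MonoX.ActiveDirectoryMembershipProvider",
            "connectionStringName": "ADConnectionString",
            "attributeMapUsername": "sAMAccountName",
            "applicationName": "MonoX",
            "connectionUsername": upn,
            "connectionPassword": password}),
        # step 4: goes inside <roleManager><providers>; using the FQDN for
        # domainName is an assumption (the post shows domain.name there)
        "roleProvider": _element("add", {
            "applicationName": "MonoX",
            "name": "ActiveDirectoryRoleProvider",
            "type": "MonoSoftware.MonoX.ActiveDirectoryRoleProvider",
            "connectionStringName": "ADConnectionString",
            "groupMode": "Additive", "groupsToUse": "", "groupsToIgnore": "",
            "usersToIgnore": "", "sqlConnectionStringName": "",
            "cacheTime": str(cache_time),
            "domainName": domain, "userName": upn, "password": password}),
    }


def check_config(cfg: Dict[str, str]) -> List[str]:
    """Return consistency problems; an empty list means the snippets agree."""
    problems = []
    cs_name = read_attribute(cfg["connectionString"], "name")
    for key in ("membershipProvider", "roleProvider"):
        if read_attribute(cfg[key], "connectionStringName") != cs_name:
            problems.append("%s does not reference connection string %s"
                            % (key, cs_name))
    connection = read_attribute(cfg["connectionString"], "connectionString") or ""
    if not connection.startswith("LDAP://"):
        problems.append("connection string must start with LDAP://")
    return problems


if __name__ == "__main__":
    # Constructed sample values; the password deliberately contains an '&'
    # to show the escaping a hand-edited web.config would need.
    snippets = build_ad_config("monoxexample.lan", "monoxservice", "S3cret&Pa55")
    for where, snippet in snippets.items():
        print("%s:\n  %s" % (where, snippet))
    print("problems:", check_config(snippets))
```

Two points worth keeping in mind when pasting the output into web.config: the service account credentials appear in clear text in three places, so use a dedicated low-privilege account that can only read the directory, and protect the file (ASP.NET's aspnet_regiis.exe -pe can encrypt configuration sections such as connectionStrings in place). Also keep the domainName, userName and connectionUsername values consistent; the generator derives all of them from one domain and one account so they cannot drift apart.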

By Richard
Could you possibly generate a dummy config file to compare, e.g. using a domain of monoxexample.lan and user auth account monoxservice@monoxexample.lan? I keep getting various errors when I try to enable AD auth and suspect it's because I am not putting in the necessary credentials from my AD where needed?
The current errors I'm seeing are these:

NullReferenceException: Object reference not set to an instance of an object.]
MonoSoftware.MonoX.ActiveDirectoryRoleProvider.GetRolesForUser(String username) +328

[ProviderException: Unable to query Active Directory.]
MonoSoftware.MonoX.ActiveDirectoryRoleProvider.GetRolesForUser(String username) +1003
System.Web.Security.RolePrincipal.IsInRole(String role) +242
System.Web.Configuration.AuthorizationRule.IsTheUserInAnyRole(StringCollection roles, IPrincipal principal) +229
System.Web.Configuration.AuthorizationRule.IsUserAllowed(IPrincipal user, String verb) +354
System.Web.Configuration.AuthorizationRuleCollection.IsUserAllowed(IPrincipal user, String verb) +245
System.Web.UI.WebControls.WebParts.PersonalizationProvider.DetermineUserCapabilities(WebPartManager webPartManager) +566
System.Web.UI.WebControls.WebParts.WebPartPersonalization.Load() +111
System.Web.UI.WebControls.WebParts.WebPartPersonalization.LoadInternal() +36
System.Web.UI.Control.InitRecursive(Control namingContainer) +143
System.Web.UI.Control.InitRecursive(Control namingContainer) +391
System.Web.UI.Control.InitRecursive(Control namingContainer) +391
System.Web.UI.Control.InitRecursive(Control namingContainer) +391
System.Web.UI.Control.InitRecursive(Control namingContainer) +391
System.Web.UI.Control.InitRecursive(Control namingContainer) +391
System.Web.UI.Control.InitRecursive(Control namingContainer) +391
System.Web.UI.Control.InitRecursive(Control namingContainer) +391
System.Web.UI.Control.InitRecursive(Control namingContainer) +391
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1477
denis
Richard,
Please open a new topic in our support section, it will be easier to solve it there.
Configuration Error

Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: Unable to query Active Directory.

Source Error:


Line 464: password="pwd"
Line 465: /> -->
Line 466: <add applicationName="MonoX" name="ActiveDirectoryRoleProvider" type="MonoSoftware.MonoX.ActiveDirectoryRoleProvider" connectionStringName="ADConnectionString"
Line 467: groupMode="Additive" groupsToUse="" groupsToIgnore="" usersToIgnore="" sqlConnectionStringName="" cacheTime="1800"
Line 468: domainName="leightonint" userName="intranet" password="intranet" />

Source File: C:\inetpub\wwwroot\MonoX\web.config Line: 466
khorvat
Hi Neeraj,

can you please post the error with more details to our support forum so we can better track the issue there.

Thanks
By neeraj
Hi khorvat

When I am doing the changes in web.config for MonoX Active Directory integration,

I follow all the steps that are guided by denis's comments,

but in the place of the role member provider I am getting this error.
khorvat
As I mentioned in my previous post, please post the error with details to our support forum (http://www.mono-software.com/support/mono/).