MonoX support board


Problems with Active Directory Authentication (Mono Support)

Viewed 119877 time(s), 26 post(s) 12/5/2012 4:55:21 PM by afabri73
afabri73

12/11/2012 3:43:20 PM
Hello,
in primis...thank you for your support and your availability.
I managed to solve almost all the issues with AD. (SUCCESS)

Now I can log in correctly as a domain admin, and I can correctly view all protected pages, the administration bar and the look and functionality bar at the top of the page.
But...if I try to connect as a domain user, the top navigation bar appears with only the look/functionality.
This is wrong...the domain user should not see the navigation bar and they can't modify anything.

Any help about this particular problem?

denis

12/11/2012 6:19:04 PM
It appears that your domain user has been recognized as an admin for some reason. You should check the list of admin roles in the web.config; if that looks OK, we should still take a look at your overall configuration.

afabri73

12/21/2012 2:55:10 PM
Hi Denis,
I resolved all authentication problems in my office (I don't use Windows authentication but forms authentication, and it functions properly).
So...I've done a backup of the root folder and DB.
Now I restored the working version of the website on the production website in another company and correctly set the configuration of AD, IIS, Security...but after I try to log in with AD credentials (both Domain Admin and Domain User) I receive the attached error.

I also attach the web.config (I replaced the real domain name with "domain.it").

Can you help me quickly?
Thank You
Adriano

denis

12/21/2012 4:03:56 PM
This is a different case - I'm quite sure that you have both computers and ordinary users grouped under the same role, and the error is thrown when MonoX tries to cast the ComputerPrincipal to the UserPrincipal.
Was this grouping done deliberately? I could log the support case to handle this kind of situation, but I am not sure if this should be encouraged.

afabri73

12/27/2012 2:44:16 PM
LDAP seems to be correctly configured.
I attach a screenshot of the LDAP root.
There is no connection between users and computers.
Every user can log in to every computer.

Must the account used (in web.config) to connect to LDAP have specific rights?
There is no computer in the Domain Users group.
There is no user in the Computers group.
The credentials used to connect to LDAP are correct because in the admin area (when I access with ASP.NET membership) I see all AD user groups in the Role Manage Page.

Any other help?

afabri73

12/27/2012 2:26:27 PM
I found the problem. :-)
I had to specify the location where AD Domain Users are stored:
<add name="ADConnectionString" connectionString="LDAP://domain.it/OU=Domain Users,DC=domain,DC=it" />
Now...the users log in and they are correctly recognized based on their AD role in the frontend, but if I try to connect with a Domain Admins user to the Admin area, I receive an access denied page.

I have no words...this is a never-ending story!!!


afabri73

12/27/2012 2:33:26 PM
Sorry, I must correct...the login works successfully and the Navigation Menu correctly changes if I log in as Domain User or Domain Admins, but if I try to open any page I receive the access denied message (also for the admin section).

:-(

denis

12/27/2012 2:52:56 PM
Again, we should take a direct look at your setup. Are you saying that you are receiving the Access denied for all pages, even when you are logged in as Domain Admin??? Even for the default.aspx, blog page, and all other pages that by default allow all roles to view them?

afabri73

12/27/2012 3:12:54 PM
I know it.
I entered with ASP.NET Membership and I checked page permissions, but all pages have the correct permission.
Page
- View (Administrators,Domain Admins, Domain Users, Users)
- Edit (Administrators,Domain Admins)

This is the general configuration (web.config)
<add key="AdministratorRoles" value="Domain Admins,Administrators" />
<add key="NewsPublisherRoleName" value="Publishers,Domain Admins" />
<add key="AdManagerRoles" value="AdManager,Administrators,Domain Admins" />
<add key="BlogAdministratorRoles" value="Administrators,Publishers,Domain Admins" />
<add key="CalendarAdministratorRoles" value="Administrators,Publishers,Domain Admins" />
<add key="DiscussionAdministratorRoles" value="Administrators,Publishers,Domain Admins" />
<add key="PhotoGalleryAdministratorRoles" value="Administrators,Publishers,Domain Admins" />
<add key="NewsEditorRoles" value="NewsEditors,Domain Admins" />
<add key="ShowAjaxPanelForRoles" value="Domain Admins,Publishers" />
<add key="DefaultUserRoles" value="Domain Users,Users" />

But I also can't enter the Admin area with my domain admins user account.

This is the error I received:
########################################################################
Security error.
at MonoSoftware.MonoX.BasePage.OnInit(EventArgs e)
at MonoSoftware.MonoX.Pages.SocialNetworking.UserProfile.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
########################################################################
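
The check suggested earlier in the thread (review the admin role lists in web.config) can be scripted against the settings posted above. This is an added example, not code from the thread or from MonoX: it flags any DefaultUserRoles entry that also appears in another role-list key. Treating every key ending in Roles or RoleName as a role list, the trimmed case-insensitive comparison, and the WEAK variant are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: some of the thread's appSettings keys wrapped in a minimal
# web.config, plus one deliberately wrong entry in WEAK for comparison.
POSTED = """<configuration><appSettings>
  <add key="AdministratorRoles" value="Domain Admins,Administrators" />
  <add key="BlogAdministratorRoles" value="Administrators,Publishers,Domain Admins" />
  <add key="NewsEditorRoles" value="NewsEditors,Domain Admins" />
  <add key="ShowAjaxPanelForRoles" value="Domain Admins,Publishers" />
  <add key="DefaultUserRoles" value="Domain Users,Users" />
</appSettings></configuration>"""
WEAK = POSTED.replace('"Domain Admins,Publishers"', '"Domain Admins, domain users"')

DEFAULT_KEY = "DefaultUserRoles"
ROLE_KEY_SUFFIXES = ("Roles", "RoleName")  # assumption: these keys hold role lists


def role_settings(config_xml):
    """Return {key: [role, ...]} for every role-list key in <appSettings>."""
    root = ET.fromstring(config_xml)
    settings = {}
    for add in root.findall("./appSettings/add"):
        key, value = add.get("key", ""), add.get("value", "")
        if key.endswith(ROLE_KEY_SUFFIXES):
            settings[key] = [r.strip() for r in value.split(",") if r.strip()]
    return settings


def default_role_overlaps(config_xml):
    """List (key, role) pairs where a default user role also holds a privileged key.

    Names are compared trimmed and case-insensitively (an assumption about how
    strict the application is) so " domain users" still matches "Domain Users".
    """
    settings = role_settings(config_xml)
    defaults = {r.casefold() for r in settings.get(DEFAULT_KEY, [])}
    findings = []
    for key, roles in sorted(settings.items()):
        if key == DEFAULT_KEY:
            continue
        findings += [(key, r) for r in roles if r.casefold() in defaults]
    return findings


if __name__ == "__main__":
    for name, doc in (("posted", POSTED), ("weak", WEAK)):
        print(name, default_role_overlaps(doc) or "no default role is privileged")
```
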
denis

12/27/2012 4:40:17 PM
These problems are very difficult to diagnose without having direct access, since each AD configuration is different. If you can access the home page - that is not clear from the post above - you can insert the following code somewhere in it (I am referring to default.aspx in the root of the project)
<%= MonoSoftware.MonoX.Utilities.SecurityUtility.IsUserInRole("Domain Admins") %>
to see if the system recognizes you as a member of the domain admins group (which will probably return false). After that, you can go through the list of user roles, one by one...
<%= MonoSoftware.MonoX.Utilities.SecurityUtility.UserRoleIds()[0].ToString() %>
and increase the index by one to get the ID of each role your current user is recognized to be a member of. If it errors out immediately, it basically means that MonoX cannot assign the current user to any of the AD groups.


