Microsoft Content Management Server - ADAM user authentication - Form Redirect problem

BSm

2006-06-27, 1:18 pm

Hi,

I have developed an MCMS application, which has a Login module. In the
LoginBttuon_Click event, I wrote the following code. When I run the
app, I receive the following error message.
Err:
"Succeeded: CN=ADAMAdmin. Value cannot be null. Parameter name: authenticationTicket "

Try
    Dim userName As String
    Dim password As String
    userName = UserNameTextBox.Text
    password = PasswordTextBox.Text

    Dim LdapObj As String = "CN=ADAMAdmin,CN=Users,O=angler,C=CBE"
    Dim LdapBindNm As String = "CN=" + userName + ",CN=Users,O=angler,C=CBE"

    Dim ent As New DirectoryEntry("LDAP://dotnet:1030/" + LdapObj, LdapBindNm, password, AuthenticationTypes.None)

    Dim ticket As CmsAuthenticationTicket = CmsFormsAuthentication.AuthenticateAsUser(userName, password)

    If ent.Name <> "" Then
        Response.Write("Succeeded: " + ent.Name)
        CmsFormsAuthentication.RedirectFromLoginPage(ticket, True, False)
    Else
        Response.Write("Error")
    End If
Catch ex As Exception
    Response.Write(ex.Message)
End Try

Please help me.

Thanks in advance

Spencer Harbar [MVP]

2006-06-27, 1:18 pm

Hello BSm,

You need to check that the CmsAuthenticationTicket is not null. In the code
below you are simply checking the ent.Name property is not a string.
You should also bind to ADAM before proceeding, i.e.

try
{
    // Connect to ADAM using LDAP AuthN..
    DirectoryEntry ent = new DirectoryEntry(sLDAPServer + sLDAPobj,
        sBindName, sPassword, AuthenticationTypes.None);
    // Retrieve attribute (which actually binds) and check the value...
    if ((string)ent.Properties["name"].Value == sDECheck)
    {
        // LDAP AuthN succeeded, so perform Windows
        // AuthN to setup a MCMS context...
        CmsAuthenticationTicket ticket =
            CmsFormsAuthentication.AuthenticateAsUser(sWindowsUser, sPassword);
        if (ticket != null)
        {
            // Windows AuthN succeeded so continue...
            CmsFormsAuthentication.RedirectFromLoginPage(ticket, true,
                CheckPersistent.Checked);
        }
    }
    // Windows AuthN failed...
    OutMessage.InnerHtml = LTInvalidUserMessage;
}
catch (Exception)
{
    // LDAP AuthN failed...
    OutMessage.InnerHtml = LTGeneralExceptionMessage;
}


Note: if you are using ASP.NET 2.0, using the Membership Provider model is
a better approach.



hth
Spence
www.mcmsfaq.com


BSm

2006-06-28, 7:23 am

Hi Spencer, thanks for your response. I have created a new MCMS app (in
C#) and, as you said, I verified (ticket != null). I put a debug symbol in
the code and I found that when the system comes to the (ticket != null) line, I
could see the value as <undefined value> in the immediate window. So the
redirection did not happen.

string userName;
string password;
userName = UserNameTextBox.Text;
password = PasswordTextBox.Text;

string LdapObj = "CN=ADAMAdmin,CN=Users,O=xxxx,C=CBE";
string LdapBindNm = "CN=" + userName + ",CN=Users,O=xxx,C=CBE";

DirectoryEntry ent = new DirectoryEntry("LDAP://dotnet:1030/" + LdapObj,
    LdapBindNm, password, AuthenticationTypes.None);

CmsAuthenticationTicket ticket =
    CmsFormsAuthentication.AuthenticateAsUser(userName, password);
if (ticket != null)
{
    CmsFormsAuthentication.RedirectFromLoginPage(ticket, true, false);
}
lblErrMsg.Text = "Login Failed...";

Thanks in advance...


Spencer Harbar [MVP]

2006-06-28, 7:23 am

Hello BSm,

OK, I'd look at the format of your userName variable.
In the code below, you are using the same format for ADAM and Windows Auth
(which is what CmsFormsAuthentication.AuthenticateAsUser uses).

So for example if userName is 'spence' this won't work as only ADAM authN
will succeed. AuthenticateAsUser expects the username in the format:
WinNT://MachineOrDomainName/username



hth
Spence
www.mcmsfaq.com

BSm

2006-06-28, 7:23 am

Dear Spencer,

Thank you very much for your prompt support.

The method you have suggested is correct. Many of the samples that I looked
at gave the same thing. But my expectation is, I want to use only the ADAM
user, because my client doesn't want Active Directory authentication in
MCMS. He needs a Single Sign-On facility using LDAP. That's why I chose
ADAM. Is it the correct method? Or is there any other method to achieve
single sign-on using LDAP?

Thanks in advance.


Spencer Harbar [MVP]

2006-06-28, 1:21 pm

Hello BSm,

MCMS always requires authorization using Windows Accounts (which can be local
machine accounts as well as domain accounts).

Therefore, any call to CmsFormsAuthentication.AuthenticateAsUser will attempt
to authenticate using Windows Accounts. There is no way to avoid this!!

However you can use an external store (e.g. ADAM) for authentication of users
and then use MCMS for Authorisation assuming users are replicated in the
local accounts.

Please take a look at www.mcmsfaq.com/faq and expand the item "Q: Can I use
an external LDAP based directory service for authentication and authorisation
with MCMS? " for more details.



hth
Spence
www.mcmsfaq.com

BSm

2006-06-30, 7:20 am

Dear Spencer,

What you are saying is exactly correct. I understand the usage. You
know, the www.mcmsfaq.com/faq website is the first one which helped me
when I entered the MCMS scenario. I will start working with ADAM and AD.

My next task is using ADAM user privileges in an MCMS project. Do you have
any reference URL link? If so, please suggest it.

Thank you very much for your timely help.


Spencer Harbar [MVP]

2006-06-30, 7:20 am

Hello BSm,

There are no resources out there that cover this in detail. In fact I'm currently
completing a white paper on this topic, ETA next week.

I don't really understand your query below - if you could provide more information
I'd be happy to help here.

You cannot use ADAM "privileges" directly in MCMS - all you can do is use
them for authentication - once the user is authenticated you need to map that
ADAM identity to a Windows one, which you can then use to perform MCMS operations.

hth
Spence
www.mcmsfaq.com
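
Added example, not part of the thread and not the poster's or the MCMS project's own code: one way to arrange the two-step login described in the replies above (ADAM bind for authentication, then a Windows account in WinNT:// form for the MCMS ticket). The class, method and parameter names are hypothetical, it assumes the Windows account has the same name and password as the ADAM user, and it goes slightly beyond the thread by escaping the login name inside the bind DN and refusing empty passwords.

```csharp
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Text;
using Microsoft.ContentManagement.Web.Security; // requires the MCMS assemblies

public static class AdamLogin // hypothetical helper, names are illustrative
{
    // Escape a value for use in an RDN (RFC 4514) so that a login name such as
    // "x,CN=ADAMAdmin" cannot change which entry the bind DN refers to.
    public static string EscapeRdnValue(string value)
    {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            bool edge = (i == 0 && (c == ' ' || c == '#')) || (i == value.Length - 1 && c == ' ');
            if (c == '\0') sb.Append("\\00");
            else if (edge || ",+\"\\<>;=".IndexOf(c) >= 0) sb.Append('\\').Append(c);
            else sb.Append(c);
        }
        return sb.ToString();
    }

    // Returns a ticket only when the ADAM bind and the Windows logon both succeed.
    public static CmsAuthenticationTicket Authenticate(string ldapServer,
        string checkObjectDn, string userContainerDn, string machineOrDomain,
        string userName, string password)
    {
        // An LDAP simple bind with an empty password can be accepted as an
        // unauthenticated bind, so refuse it before touching the directory.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password)
            || userName.IndexOfAny(new char[] { '/', '\\' }) >= 0)
            return null;
        string bindDn = "CN=" + EscapeRdnValue(userName) + "," + userContainerDn;
        try
        {
            // AuthenticationTypes.None is a clear-text simple bind, as in the thread.
            using (DirectoryEntry ent = new DirectoryEntry(ldapServer + checkObjectDn,
                       bindDn, password, AuthenticationTypes.None))
            {
                object bound = ent.NativeObject; // forces the bind to happen now
            }
        }
        catch (COMException) { return null; }   // ADAM rejected the credentials
        // MCMS only issues tickets for Windows accounts (local or domain).
        string windowsUser = "WinNT://" + machineOrDomain + "/" + userName;
        return CmsFormsAuthentication.AuthenticateAsUser(windowsUser, password);
    }
}
```

A null return covers both failure cases; only a non-null ticket should be handed to CmsFormsAuthentication.RedirectFromLoginPage.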

BSM

2006-06-30, 7:20 am

Hello Spencer,

Let me try the concept you suggested and come back to you, so that I
can explain in detail.

Thanks for your support.
