AD Authentication stopped working after trying to enable a second Portal #36

Closed
thosalbert opened this issue Mar 14, 2018 · 16 comments

Comments

@thosalbert

Hi,

Help!
I had AD with auto log in working well, on a production intranet site and a test server. I tried to get it working on another portal of the production site, using the exact same Site Settings as the original portal.
It doesn't work, and now even my original portal is not working for auto log in anymore. When it tries to access:
http://sccintranet.co.santa-cruz.ca.us/DesktopModules/AuthenticationServices/ActiveDirectory/WindowsSignin.aspx?portalid=0, it gives a Runtime error and doesn't log me in.
When I try to log in directly in the Windows Log In, it gives a "Critical Error" which doesn't show in the Admin Logs. Test server is still working fine (I should have tried the new portal there first).
Does DNN AD Provider work in more than one portal? Do you need to set it up separately for each portal?
Thanks for any help!!

Tom

@thosalbert
Author

Hi again,

I managed to reset settings, turn off AD Authentication on the second portal, and I got the auto log in working again in the first portal.

So my question: Does DNN AD Authentication work in multiple portals? What would I need to know about setting that up?

Thanks

Tom

@sawest
Collaborator

sawest commented Mar 19, 2018

Yes, this module should work on multiple portals. I have it running on several right now, though I do not use the auto login feature. I will need to set up a test environment to try and duplicate your issue before I can troubleshoot, and that may take some time. Any more info you can provide from your setup would be great.

@thosalbert
Author

Thanks for your response.
Let me try again on a test server using auto log-in and let you know what I find. It's possible that something else was going on, and since I was on the public site, I just backed out so I could restore the auto login on the live portal.
Later today I will try the second portal on a test server and let you know how it works.

Thanks again

Tom

@thosalbert
Author

Hi again,

OK, I was able to start fresh and test this on a test server. I am using DNN AD Authentication Extension version 6.0.2.

I created a new test portal to try out this feature, and set the DNN AD authentication settings to the same as the other (working) portal, hit Update, and got a Green response (everything looked OK).

I had the original first portal already on this server, with AD authentication working. It continued to work. To test, I deleted my Windows user, cleared cookies and browsed to the site again, and it seamlessly re-created me as a Windows user from Active Directory.

The new test portal never has worked for auto log in, even though the settings showed OK (green).
I've even tried to explicitly browse to the Windows Sign In page ('http://sitedomain/DesktopModules/AuthenticationServices/ActiveDirActiveDirectory/WindowsSignin.aspx'), and it just redirects to the site, with no login.

Now, something else has occurred in the original (first) portal. The auto log in stopped working. It's now telling me I don't have permission to the Windowssignin.aspx page. It does try to automatically log me in, but denies access and throws an error.

I looked into the permissions settings (in IIS) for the WindowsSignin page, and they seem to be OK, nothing changed. (Though I do remember these settings were tricky to set up, so if you have any info on these permissions, let me know.)

To summarize, I have two portals - I set the AD Auth Extension settings identically for both, and both gave me the Green (OK) message when enabled.

The original portal was working fine, even for a time after the new one was enabled. At some point, it lost permission to the Windows Sign In page. It does re-direct to the Windows sign in page, but can't get in to it.

The new portal doesn't try to go to the Windows Sign-in page, and even when I explicitly browse there, it just goes to the site, doesn't create a user, doesn't log in.

Let me know what you think! I would like to get this working for two separate portals.

I appreciate your help. :)

Tom

@thosalbert
Author

I just uninstalled and started fresh on the test server. Again, I got AD Authentication and auto login to work on the main portal. When I enabled AD Authentication in the second portal, it didn't work there, and subsequently the first portal stopped working (tries to go to windowssignin.aspx but fails to authenticate with correct username/password).

So this seems like a pattern I've seen three times. I can get authentication to work, but when I try to enable it on a second portal, it doesn't work there, and then the first portal stops working.

Let me know what you think,

Thanks

Tom

sawest added a commit to sawest/DNN.ActiveDirectory that referenced this issue Mar 28, 2018
sawest added a commit that referenced this issue Mar 28, 2018
@sawest
Collaborator

sawest commented Mar 28, 2018

I changed some code that should eliminate this problem. Can you install v6.00.08 at your earliest convenience and test please? Thanks!

@thosalbert
Author

Thanks very much! I will start on testserver and let you know what I find.

@thosalbert
Author

OK, I installed 6.00.08 on the test server, but it looks like it's behaving similar to before, in terms of getting AD authentication to work on multiple portals. I had the same result pattern, in which it works fine when just one portal is enabled, but when I enable the second portal, I can no longer access the windowssignin.aspx page. This time I actually got into a state where (for both portals) I couldn't even browse to the login page directly on either portal (it would always try to go to the windows signin page, and then fail to authenticate). In that case, I was able to get back to the login page by commenting out the following line from the web.config:

Then, I could log back in as host and disable AD authentication, uncomment out the above line again, restart, and start over. I could never get it to work in multiple portals. I can only get it to work in the first portal (0) when the other portal (2) is not enabled for AD authentication. When I tried the other way around (portal 2 enabled, and portal 0 disabled), it also doesn't work. Only works on the first portal (0), when the second is disabled.

I appreciate your efforts! I will try this version on the live site later, to see whether it fixed the other (errors on login) problem.

It's of course possible (probable?) there is something wrong with how I'm doing this... I've checked the permissions for the windows signin page and unlocked the sections for anonymous and windows authentication in IIS.
I checked the site web.config and the web.config inside DesktopModules/AuthenticationServices/ActiveDirectory, to make sure that windowsAuthentication enabled is set to "true".

Anything about the AD Authentication Site Settings I might need to know? Maybe I should use a different user/password combo for the second portal? What about the "Default Authentication Provider" inside Security?

Thanks again for your help on this. I remember you said you have it working on multiple portals, but without auto log-in. Does that mean unchecking "Do Not Automatically Create Users?" How does that work? Can you have the same user inside multiple portals?

Thanks again

Tom

@thosalbert
Author

Maybe the problem occurs because of automatically logging in a user on the second portal (or trying to), when that user already exists in the first portal?

I had another user try this with pretty much the same results - auto log in worked fine, until enabling it on a second portal, and trying to browse there. It results in that user being unable to get into both portals.

@thosalbert
Author

I accidentally hit the "Comment and Close" button, I didn't mean to close the thread.

@thosalbert thosalbert reopened this Apr 2, 2018
@thosalbert
Author

It looks like what is happening is that users get locked out in some way, after trying to access the second portal when AD authentication is enabled for both portals. After that happens, the user can't access either portal. Their username/password (if correct) is accepted, but then you get a "Page isn't redirecting properly" attempting to access the WindowsSignin.aspx page. (If you try to enter an incorrect username/password, it will keep prompting you a few times and then give you 'permission denied').

We've tried this (on test server) with two users, and now we both cannot access the website at all. I can't get to a page or find any way to log in as the host. However, if we have another colleague (who hasn't yet browsed to the site) go to the site, the site comes up for him, picks up his AD information and creates him as a user. But the two users who tried to access both portals cannot get access to either portal anymore.

I'm thinking that maybe the problem is related to the same user (with all the same AD credentials) trying to (auto) log in to two separate portals (since in DNN you need to be a SuperUser to access more than one portal with the same credentials). DNN doesn't allow more than one user in different portals with the same Username.

How does this work for you? Maybe you don't have any users accessing more than one portal with the same AD account. For me, even trying to access the second portal after having logged in to the first portal, causes the user to be somehow locked out of both portals.

So, how can you have multiple portals with AD authentication, if any of the users need to access both portals? Do you think it's possible?

Thanks again

Tom

@thosalbert
Author

Hi again, Just a reminder, I'm still looking for a solution to using AD authentication on more than one portal, where the same user can access both portals. Let me know if you have any insights. Thanks.

@sawest
Collaborator

sawest commented May 21, 2018

I have some time this afternoon. I might can take a look.
This problem doesn't seem to occur for me after the code change in 6.0.8, but I am not using single sign on either. I will need to try and set up a single sign-on environment to test with.

@thosalbert
Author

Thanks so much!

@thosalbert
Author

Any luck with this? Still wondering whether I can use AD authentication with same users in multiple portals. I'm going to need to do this soon when I go live with a second portal.

Thanks again

@sawest
Collaborator

sawest commented Aug 20, 2018

Finally got a chance to dig deep into this. I have fixed the bug and tested across 2 portals successfully. Please update to 6.1.2 and report your findings.

2 participants