Active Directory Group Membership

kastigeer (Newbie) - Posted: 06 July 2006 at 10:45am
Ok, I've done a bit more testing and this is what I have so far...
 
Did a complete reinstall as follows:
copied the "forum" folder to the web server
In IIS admin set the "directory Security" for that folder to Integrated Authentication only
Setup a new DB and ran the initial setup as per instructions
Logged on to the system - this happened as an AD user.
changed the last bit in the address from "/default.asp" to "/admin.asp"
logged in using the default administrator account and password
Went to "membership admin", clicked on the AD user account that had been automatically created (as "newbie" ) and then clicked on "Edit this members forum settings"
No option is available for "Admin and Moderator" functions - I'm pretty sure that when I click on the username and it pops up the new window for editing it's authenticating me as the AD user who is a "newbie" not the admin account
 
I then did a bit more fiddling - I went into the Database and changed the group membership for the AD account to "1" effectively making that account an admin account - I then logged on as the default administrator account (using /admin.asp) and checked that the AD user was an administrator.
Then I logged on as the user by just opening a new browser and I then had the link to the Admin function in the top options, but when I click on it, it asks for a password (the username cannot be changed) and it's not the password from AD so there's no way to go any further...
 
Is this something that can definitely be done?  To have an AD user be an administrator for the forums?
 
thanks
Barry

WebWiz-Bruce (Admin Group, Web Wiz Developer) - Posted: 06 July 2006 at 11:42am
The AD part at the moment is still relatively new, and until the last few weeks I didn't have an AD setup to test any of this on.

The AD feature is going to be developed further in future versions but for the moment anything other than just basic AD authentication may mean you will have to modify the code to get it to do what you want.

kastigeer (Newbie) - Posted: 06 July 2006 at 11:49am
Ok thanks - I think I know where the problem lies - in the member forum admin area when you click on the user's name to edit their profile it pops up a new window to do so and there is the button at the bottom of this screen to "edit this members profile" and I think that when Windows authentication is turned on it is not passing through the fact that you are logged on as an administrator (i.e. not an AD account) when you click this button and instead logs you onto the new page (the "member control panel menu") it is doing so as a user not an administrator...

I'll see if I can figure something out about getting it working (always fun working with code you didn't write!) and let you know if I find anything.

 

thanks
Barry

WebWiz-Bruce (Admin Group, Web Wiz Developer) - Posted: 06 July 2006 at 11:57am
For the moment one way around this is to give your AD authentication username and password field to the admin account in the database, this will mean that when you go to the forum you will always be logged in as the admin.

Further development will be carried out to streamline the process and build on the present AD authentication so that future versions will have a much better and simpler way of setting this up.


Edited by -boRg- - 06 July 2006 at 11:58am

kastigeer (Newbie) - Posted: 06 July 2006 at 11:59am
Thanks - I'll try that route first.

kastigeer (Newbie) - Posted: 06 July 2006 at 12:51pm
Ok you can't set the admin name to be the same as an AD username as the login then fails with a complaint about a duplicate field in the DB.
 
I can however confirm that for some reason when you log on as an administrator (using the default account and NOT an AD account) with Windows authentication enabled, when you get to the admin pages (the forum control panel - admin_menu.asp) the blnAdmin field is False, i.e. the account is not being properly recognised as an admin account...
 
I'm going to keep looking but maybe this will give you a clue as to something minor to adjust...
 
Barry

kastigeer (Newbie) - Posted: 06 July 2006 at 3:24pm
After a bit more digging I think there are two issues with using windows authentication.
 
The first I would imagine is quite easy to fix (easy for me to say!) - when someone logs in using Windows authentication I don't believe that a cookie is being generated or used, so when getuserdata is called it does not return correct information such as the group to which the user belongs... hence even though an AD account may be a moderator you don't get moderator permissions when logged in.
 
The second has already been mentioned and is where after logging into the control panel as an admin user (non AD) when you try to edit a member's profile it re-does an automatic logon and you end up viewing the member's profile as the AD account you are using - which effectively will prevent any admin functions.
 
Barry
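
The two problems described in the post above, as a small Python model (an added example, not part of the thread and not Web Wiz Forums code). The member table, the group ids other than 1, the `CORP\` usernames and all function names are assumptions made for illustration.

```python
# Constructed model of the two issues; every name here is hypothetical.
ADMIN_GROUP = 1      # the thread sets group "1" to make an account an admin
MODERATOR_GROUP = 2  # assumed id
DEFAULT_GROUP = 4    # assumed id for an auto-created "newbie" member

# Constructed member table: username -> group id stored in the forum DB
MEMBERS = {
    "administrator": ADMIN_GROUP,    # forum-local admin account
    "CORP\\barry": DEFAULT_GROUP,    # auto-created AD member
    "CORP\\mod": MODERATOR_GROUP,    # AD member promoted in the DB
}


def resolve_as_described(session, logon_user):
    """Behaviour the post describes: the automatic Windows logon runs on
    every page, and group data is only read from cookie state that the
    Windows logon path never sets."""
    if logon_user:
        session["member"] = logon_user     # replaces an explicit admin login
        session.pop("group_cookie", None)  # no cookie exists for the AD identity
    group = session.get("group_cookie", DEFAULT_GROUP)
    return session.get("member"), group


def resolve_fixed(session, logon_user):
    """Explicit forum login wins; the Windows identity is used only when no
    member is logged in, and the group is always read from the DB."""
    member = session.get("member")
    if member is None and logon_user:
        member = session["member"] = logon_user
    if member is None:
        return None, None                  # anonymous request, no group
    return member, MEMBERS.get(member, DEFAULT_GROUP)


def is_admin(resolved):
    """True only when the resolved (member, group) pair is in the admin group."""
    return resolved[1] == ADMIN_GROUP
```
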

WebWiz-Bruce (Admin Group, Web Wiz Developer) - Posted: 06 July 2006 at 3:56pm
There is another topic on this same subject today; it may be worth having a look in that topic about all these issues.