AD interface login

Post Reply

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
Brent Members Profile Find Members Posts Newbie Joined: 16 May 2008 Status: Offline Points: 8	Post Options Post Reply Quote Brent Report Post Thanks(0) Quote Reply Topic: AD interface login Posted: 16 May 2008 at 9:59pm
	I would like to interface our Forum with AD so our users dont have a seperate login/password for our forum. But i'm confused on a few things, maybe someone can help me figure it out before make this change and it isnt what I expected.. I have a couple of questions: 1) If I use the AD interface will users have to use thier Username to log in to the forum, or will they use their displayName? For instance each department has unique usernames for AD.. some are just numbers like 10378 and others are numbers and initials like 4FJEH. however everyones DisplayName is their actual real name. What I would like to happen is that they use their username to log in to the forum, but the Displayname will be used on posts..etc. Is this possible? I would hate for them to have to log in as: John R. Smith (displayname) but thats how I want it to appear once they are in. 2) I'm no SQL expert but the requirements for the AD mod are SQL Server 2005. Will Express work as well? Any help is Much Appreciated.

Jono Members Profile Find Members Posts Mod Builder Group Joined: 18 September 2006 Location: United Kingdom Status: Offline Points: 100	Post Options Post Reply Quote Jono Report Post Thanks(0) Quote Reply Posted: 17 May 2008 at 10:21am
	Hi Brent, By default Web Wiz Forums uses NT authentication (e.g. DOMAIN\USERNAME) and displays the username portion on posts. The MOD that I wrote enhances this method to query Active Directory and update the name with displayName, and also get the physicalDeliveryOfficeName, title and email fields from AD. The user does not have to "log in" as the system already knows who they are. I've included documention in the code, so it may be worth opening the two asp files within the MOD (use notepad) and view the source to see what's happening. The instructions I wrote were designed as a step-by-step guide. The system will happily work with SQL Express - Microsoft have now release the management studio component for SQL Express, so the same instuctions should work for both. Hope this helps, but if anything needs further explaination, please post back.

Brent Members Profile Find Members Posts Newbie Joined: 16 May 2008 Status: Offline Points: 8	Post Options Post Reply Quote Brent Report Post Thanks(0) Quote Reply Posted: 19 May 2008 at 12:26pm
	Yes this helps. It looks like I won't be able to use the AD mod then. We use AD but we dont use windows authentication. We have a little different setup where each agency only has 2 computers and the computer is logged on to the network with a generic machine name. For all of our applications users just use their AD login to access them. We do this because up to 100 different people may have to use the same machine and logging the computer itself on and off for every user wasnt a good option. Thanks for the answers though.

wb-in-wpb Members Profile Find Members Posts Newbie Joined: 16 April 2008 Status: Offline Points: 17	Post Options Post Reply Quote wb-in-wpb Report Post Thanks(0) Quote Reply Posted: 19 May 2008 at 4:03pm
	Brent- Are you saying that they use runas and specify the domain login on all the applications? You could start IE with the runas to specify the user and then the forum would pick that up. I have done that myself to test some settings under a different user. The only problem I found was that the GoogleToolbarNotifier did not like to be run multi-instance (once as me, once as another user) so I had to kill that process.

Jono Members Profile Find Members Posts Mod Builder Group Joined: 18 September 2006 Location: United Kingdom Status: Offline Points: 100	Post Options Post Reply Quote Jono Report Post Thanks(0) Quote Reply Posted: 19 May 2008 at 5:41pm
	Hi Brent, If you enable authentication on the web site, it will prompt your users for the AD username and password. As you would have to get them to log in anyway, it would be one less username/password combination for them to remember and you get the advantage of all the information auto-populating.

Brent Members Profile Find Members Posts Newbie Joined: 16 May 2008 Status: Offline Points: 8	Post Options Post Reply Quote Brent Report Post Thanks(0) Quote Reply Posted: 21 May 2008 at 3:20pm
	Well I got it to do what I want it to do (mostly). Intead of turning on Windows Authentication on the forum folder in IIS, I turned on Basic Authentication. So when they go to the forum it prompts them for thier AD login and password. once entered, the AD mod kicks in and logs them in as thier DisplayName. Works great! Thanks Jono for your help and this MOD. It is getting the job done for us. The only issue we seem to have is that most would like to be able to at least view the forum without logging in. This effectively removes the ability of guest browsing. Seeing how this works I guess you can only have the 1 administrator account as well correct?

Jono Members Profile Find Members Posts Mod Builder Group Joined: 18 September 2006 Location: United Kingdom Status: Offline Points: 100	Post Options Post Reply Quote Jono Report Post Thanks(0) Quote Reply Posted: 21 May 2008 at 6:15pm
	Hi Brent, Yes the "guest" facility is effectivly disabled, but this is because it is designed to get your logon information (AD credentials) from your web browser. It is possible to prompt the user for their AD username/password on a web page and utilise this to logon (I've written several application that use this approach - but not modified Web Wiz) and this would therefore allow guest accounts. It would require a bit of work to enable this (i.e disable any IIS authentication and then authroise against AD or the local WWF database). As for Administrators, yes you can only have one and this is the recommended setting. The moderators can perform must functions and I suspect you'd want to keep the Admin account to yourself. I put it in the documention as it caught me out and I had to ask Bruce for help! Glad you've got it going.

Post Reply

Forum Jump

Forum Permissions View Drop Down

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum