I have finaly got Time Tracker 2 to use active directory...sort of :)

It is at the point where it lists all user objects in AD.  However it does not populate the users table or allow you to log in with your AD account.  Does anyoneknow how I can impliment this?

I have pasted my web.config below and changed the username and password used in it.   As you can see it is using the Active Directory membership provider.  However as mention earlier is is only allowing Time Tracker to look at Active Directory, it is not actualy allowing you to log in with it yet. 

<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
 <connectionStrings>
  <remove name="LocalSqlServer" />
  <add name="LocalSqlServer" connectionString="server=HQ01;uid=TimeTrackerUser;pwd=password;database=TimeTracker2" />
  <add name="aspnet_staterKits_TimeTracker" connectionString="server=HQ01;uid=TimeTrackeruser;pwd=password;database=TimeTracker2" />
  <add name="ADConnectionString" connectionString="LDAP://HQ01/CN=Users,DC=hq,DC=essential,DC=co,DC=uk" />
 </connectionStrings>
 <system.web>
  <authorization>
   <deny users="?" />
  </authorization>
  <membership defaultProvider="MyADMembershipProvider">
   <providers>
    <remove name="AspNetSqlMembershipProvider" />
    <add connectionStringName="ADConnectionString" connectionUsername="domain\username"
     connectionPassword="password" enableSearchMethods="true"
     attributeMapUsername="sAMAccountName" name="MyADMembershipProvider"
     type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
   </providers>
  </membership>
  <siteMap defaultProvider="AspNetXmlSiteMapProvider" enabled="true">
   <providers>
    <clear />
    <add name="AspNetXmlSiteMapProvider"
     type="System.Web.XmlSiteMapProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
     siteMapFile="web.sitemap"
     securityTrimmingEnabled="true"  />
   </providers>
  </siteMap>
  <authentication mode="Forms">
   <forms name=".ADAuthCookie" loginUrl="~/TimeTracker/login.aspx"
    timeout="10" />
  </authentication>
  <compilation debug="false" />
  <customErrors mode="RemoteOnly"/>
  <machineKey decryptionKey="AutoGenerate,IsolateApps"/>
  <roleManager enabled="true" />
 </system.web>
</configuration>

Just see this link ,

Hope it will help you http://www.15seconds.com/issue/020730.htm

Update:

Not only does my Timetracker read from AD, if I create a new user, it creates the account in AD and not the timetracker database.  I am scratching my head now.

started with time tracker 2 today.. i'm having the same problem as you.. have you solve it?

thanks

Have you seen that link, I posted in the forums..?

Curious if you have an update on this or what you figured out?  I've looked a little at the 15 seconds article, but don't see that much relevance (also seems a little out of date)

I'm trying to do essentially 'pass-through' authentication. The only thing I want AD to do is authenticate the user. Their info. in the TIme Trakcer DB should be used otherwise.  Currently, I can see on the AD machine with the DC, that there are 'successes' on the logins, but on the app. machine, I am still getting authorization failures.  'URL authorization failed for the request'  is the error message when looking in the event viewer >> application

I have:

<connectionStrings>
    <remove name="LocalSqlServer" />
    <add name="LocalSqlServer" connectionString="server=SQL;uid=IDHERE;pwd=#########,database=DBNAME" />
    <add name="aspnet_staterKits_TimeTracker" connectionString="server=SQL;uid=IDHERE;pwd=########;database=DBNAME" />
    <add name="ADConnectionString" connectionString="LDAP://DCMACHINE/CN=Users,DC=path,DC=to,DC=dc" />
</connectionStrings>

        ... and ...

<system.web>

.... 

 <authentication mode="Windows" />


<authorization>
    <deny users="?"/>
</authorization>

...

</system.web>

I'll admit that I don't have my head fully wrapped around membership providers yet ... could that be my problem?

I've made the same changes, but first I've created a user with "administrative power" like this: <domain>\<username>

 Then I changed the "authentication mode" to windows and could enter with no problems.

 all the users I have to create like the example. working on a "if ( user doens't exist, then create like consultant )"

 I also need a "edit user" screen with permissions. And it would be perfect :)

Take also a look to this thread: http://forums.asp.net/t/941943.aspx?PageIndex=1

Is an admin. user necessary  just for authenticating to AD?  Is there some lesser account type that will allow a compare? I don't want it creating accounts or modifying them in AD.  I did get that part working later, but the role provider was messed up still.

 And the trials and trib's thread/posting is indeed very helpful.
 

jwasp:

Is an admin. user necessary  just for authenticating to AD?  Is there some lesser account type that will allow a compare? I don't want it creating accounts or modifying them in AD.  I did get that part working later, but the role provider was messed up still.

 And the trials and trib's thread/posting is indeed very helpful.
 

it hasn't to be an Admin form de AD or Workstation, just has to be an Admin in the Time Tracker, so, when you switch to Authentication= windows, You can later create more users

At least this is how far i get till know.

See the link for more details

http://forums.asp.net/t/941943.aspx

I have tested the active directory login for the doman user but when AD user login what is the benfits to create user if all users already exist in AD ?

another thing is will the ActiveDirectory mebmership provider will stor the AD  user to show them when needed to add in any created project ? or its just for purpous of login and an internal user must be created ... im confusied !!

I found one link about configuration of ActiveDirectory mebmership provider

http://blogs.msdn.com/gduthie/archive/2005/08/17/452905.aspx

well , finaly i was able to access the site using AD membership provider, but the qestion still rised , and i guss i have alot if modification to do to handel he user roles and to assign these users. and way here is complete help about how i configured AD :

<system.web>

   </authentication>

  <deny users="?"/>

</authorization>

<providers>

    type="System.Web.Security.ActiveDirectoryMembershipProvider,System.Web, Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"

    attributeMapUsername="sAMAccountName"

   connectionUsername="User@Domain.com"

</providers>

</membership>

Dont for get to add asp.net 2 login control.

See here http://forums.asp.net/t/1263125.aspx