I have finaly got Time Tracker 2 to use active directory...sort of :)
It is at the point where it lists all user objects in AD. However it does not populate the users table or allow you to log in with your AD account. Does anyoneknow how I can impliment this?
I have pasted my web.config below and changed the username and password used in it. As you can see it is using the Active Directory membership provider. However as mention earlier is is only allowing Time Tracker to look at Active Directory, it is not
actualy allowing you to log in with it yet.
Not only does my Timetracker read from AD, if I create a new user, it creates the account in AD and not the timetracker database. I am scratching my head now.
Curious if you have an update on this or what you figured out? I've looked a little at the 15 seconds article, but don't see that much relevance (also seems a little out of date)
I'm trying to do essentially 'pass-through' authentication. The only thing I want AD to do is authenticate the user. Their info. in the TIme Trakcer DB should be used otherwise. Currently, I can see on the AD machine with the DC, that there are 'successes'
on the logins, but on the app. machine, I am still getting authorization failures. 'URL authorization failed for the request' is the error message when looking in the event viewer >> application
Is an admin. user necessary just for authenticating to AD? Is there some lesser account type that will allow a compare? I don't want it creating accounts or modifying them in AD. I did get that part working later, but the role provider was messed up still.
And the trials and trib's thread/posting is indeed very helpful.
Is an admin. user necessary just for authenticating to AD? Is there some lesser account type that will allow a compare? I don't want it creating accounts or modifying them in AD. I did get that part working later, but the role provider was messed up still.
And the trials and trib's thread/posting is indeed very helpful.
it hasn't to be an Admin form de AD or Workstation, just has to be an Admin in the Time Tracker, so, when you switch to Authentication= windows, You can later create more users [:)]
gcolyer
Member
10 Points
5 Posts
Active Directory
May 02, 2007 09:24 AM|LINK
I have finaly got Time Tracker 2 to use active directory...sort of :)
It is at the point where it lists all user objects in AD. However it does not populate the users table or allow you to log in with your AD account. Does anyoneknow how I can impliment this?
gcolyer
Member
10 Points
5 Posts
Re: Active Directory
May 02, 2007 04:12 PM|LINK
I have pasted my web.config below and changed the username and password used in it. As you can see it is using the Active Directory membership provider. However as mention earlier is is only allowing Time Tracker to look at Active Directory, it is not actualy allowing you to log in with it yet.
<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<connectionStrings>
<remove name="LocalSqlServer" />
<add name="LocalSqlServer" connectionString="server=HQ01;uid=TimeTrackerUser;pwd=password;database=TimeTracker2" />
<add name="aspnet_staterKits_TimeTracker" connectionString="server=HQ01;uid=TimeTrackeruser;pwd=password;database=TimeTracker2" />
<add name="ADConnectionString" connectionString="LDAP://HQ01/CN=Users,DC=hq,DC=essential,DC=co,DC=uk" />
</connectionStrings>
<system.web>
<authorization>
<deny users="?" />
</authorization>
<membership defaultProvider="MyADMembershipProvider">
<providers>
<remove name="AspNetSqlMembershipProvider" />
<add connectionStringName="ADConnectionString" connectionUsername="domain\username"
connectionPassword="password" enableSearchMethods="true"
attributeMapUsername="sAMAccountName" name="MyADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</membership>
<siteMap defaultProvider="AspNetXmlSiteMapProvider" enabled="true">
<providers>
<clear />
<add name="AspNetXmlSiteMapProvider"
type="System.Web.XmlSiteMapProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
siteMapFile="web.sitemap"
securityTrimmingEnabled="true" />
</providers>
</siteMap>
<authentication mode="Forms">
<forms name=".ADAuthCookie" loginUrl="~/TimeTracker/login.aspx"
timeout="10" />
</authentication>
<compilation debug="false" />
<customErrors mode="RemoteOnly"/>
<machineKey decryptionKey="AutoGenerate,IsolateApps"/>
<roleManager enabled="true" />
</system.web>
</configuration>
chetan.sarod...
All-Star
65839 Points
11163 Posts
Re: Active Directory
May 03, 2007 03:29 AM|LINK
Just see this link ,
Hope it will help you http://www.15seconds.com/issue/020730.htm
Senior Software Engineer,
Approva Systems Pvt Ltd, Pune, India.
gcolyer
Member
10 Points
5 Posts
Re: Active Directory
May 03, 2007 02:51 PM|LINK
Update:
Not only does my Timetracker read from AD, if I create a new user, it creates the account in AD and not the timetracker database. I am scratching my head now.
andre_ars
Member
8 Points
5 Posts
Re: Active Directory
Jun 19, 2007 04:59 PM|LINK
started with time tracker 2 today.. i'm having the same problem as you.. have you solve it?
thanks
chetan.sarod...
All-Star
65839 Points
11163 Posts
Re: Active Directory
Jun 20, 2007 03:20 AM|LINK
Have you seen that link, I posted in the forums..?
Senior Software Engineer,
Approva Systems Pvt Ltd, Pune, India.
jwasp
Member
27 Points
49 Posts
Re: Active Directory
Aug 10, 2007 05:59 PM|LINK
Curious if you have an update on this or what you figured out? I've looked a little at the 15 seconds article, but don't see that much relevance (also seems a little out of date)
I'm trying to do essentially 'pass-through' authentication. The only thing I want AD to do is authenticate the user. Their info. in the TIme Trakcer DB should be used otherwise. Currently, I can see on the AD machine with the DC, that there are 'successes' on the logins, but on the app. machine, I am still getting authorization failures. 'URL authorization failed for the request' is the error message when looking in the event viewer >> application
I have:
<connectionStrings>
<remove name="LocalSqlServer" />
<add name="LocalSqlServer" connectionString="server=SQL;uid=IDHERE;pwd=#########,database=DBNAME" />
<add name="aspnet_staterKits_TimeTracker" connectionString="server=SQL;uid=IDHERE;pwd=########;database=DBNAME" />
<add name="ADConnectionString" connectionString="LDAP://DCMACHINE/CN=Users,DC=path,DC=to,DC=dc" />
</connectionStrings>
... and ...
<system.web>
....
<authentication mode="Windows" />
<authorization>
<deny users="?"/>
</authorization>
...
</system.web>
I'll admit that I don't have my head fully wrapped around membership providers yet ... could that be my problem?
andre_ars
Member
8 Points
5 Posts
Re: Active Directory
Aug 13, 2007 01:06 PM|LINK
I've made the same changes, but first I've created a user with "administrative power" like this: <domain>\<username>
Then I changed the "authentication mode" to windows and could enter with no problems.
all the users I have to create like the example. working on a "if ( user doens't exist, then create like consultant )"
I also need a "edit user" screen with permissions. And it would be perfect :)
Take also a look to this thread: http://forums.asp.net/t/941943.aspx?PageIndex=1
jwasp
Member
27 Points
49 Posts
Re: Active Directory
Aug 13, 2007 04:42 PM|LINK
Is an admin. user necessary just for authenticating to AD? Is there some lesser account type that will allow a compare? I don't want it creating accounts or modifying them in AD. I did get that part working later, but the role provider was messed up still.
And the trials and trib's thread/posting is indeed very helpful.
andre_ars
Member
8 Points
5 Posts
Re: Active Directory
Aug 13, 2007 08:55 PM|LINK
it hasn't to be an Admin form de AD or Workstation, just has to be an Admin in the Time Tracker, so, when you switch to Authentication= windows, You can later create more users [:)]
At least this is how far i get till know.