跳到主要內容

DotNetNuke 4.3.3 Active Directory 整合認證

花了一整天的功夫,終於搞定DotNetNuke 4.3.3 的Windows Authentication,也就是Active Directory 整合認證。

照著Project ::Active Directorydavid@newcovenant.com的說明,做到第17步時發生問題,是因為我把<impersonate="true">也uncomment,這行不能啟動,否則sql express無法使用。

接下來做到第21步時出現錯誤,原因是AD的帳號沒有讀取到Name的資料,值為Null,必須patch source code,方法如下:
先下載DotNetNuke_4.3.3_Source.zip解開,
將 Library\Controls\DataGrids\TextColumnTemplate.vb 第182行
itemValue = DataBinder.Eval(container.DataItem, DataField).ToString()
改成以下4行
Try
itemValue = DataBinder.Eval(container.DataItem, DataField).ToString()
Catch
itemValue = Null.NullString
End Try

再重新編譯就行了。


看來目前.Net上Opensource的專案成熟度仍然太差,缺少像Xoops、JBoss這種Killer AP,而且參與人數也太少。

最後把David的27個步驟貼在後面:
1. For a fresh install, just go to the next step. If it's an upgrade, follow Tam Tran's instructions about the database entry, and the file deletion post above. Ignore the rest.
2. In IIS, open Properties on the web site or Virtual Directory > Directory Security tab > Edit button. Uncheck "Anonymous access" and "OK" your way out.
3. In Web.config, comment OUT the Windows Authentication block. Uncomment the Forms Authentication block.
4. Uncomment the "Authentication" item under "httpModules."
5. Log in with admin account.
6. Go to Admin > Authentication.
7. Check "Windows Authentication?"
8. Check "Synchronize Role?" if you want AD groups sync'ed. (Don't ask me if this doesn't work. Report it as a bug to Tam Tran.)
9. Leave "Provider:" at the default. There's normally only one choice, anyway.
10. Choose "Authentication Type." "Delegation" is a good choice in most cases.
11. "Root Domain:" If you want to authenticate and get groups from the Root forest, then leave this blank. Otherwise, enter the LDAP path to your desired AD tree. Use this format: "LDAP://dc=com,dc=this,dc=that." Using "LDAP://" in the entry overcomes a bug that exists.
12. In most circumstances, you can leave "User Name" and "Password" and "Confirm Password" blank. These are supposed to be for an account that has "Read" access to the active directory. In most cases, EVERY account has read access. So leaving these blank will cause DNN to use your domain account to read the directory.
13. Click "Update." You will get an error message at the next screen. That's OK. Your entries just went into the ModuleSettings table of the database.
14. Log out, and close the browser.
15. Open Web.config, and uncomment the Windows Authentication block. Comment OUT the Forms Authentication block.
16. Save web.config.
17. Open a browser and point it at the site. You should see that the "Login" link says "Logout." This indicates that you were automatically logged in using your AD account. You won't be able to do anything here but browse public pages. But in the background, a user account was created for you, like "domain\username."
18. Close the browser.
19. Open web.config. Disable Windows Authentication and enable Forms Authentication. Save web.config.
20. Open a browser and point it at the site. Log in as Admin.
21. Go to Admin > User Accounts. Click the "all" link. You should see your "domain\username" account in the list.
22. Click the pencil next to that account.
23. Click "Manage Roles for this User."
24. Add this user account to the "Administrators" Role.
25. Log out, and close the browser.
26. Open web.cofig. Last time, I promise. Enable Windows Authentication and disable Forms Authentication. Save web.config.
27. Open a browser and point it at the site. Now you should not only see "Logout" at the Login link, but you should also be able to use the "Admin" menu.

留言

這個網誌中的熱門文章

自然人憑證讀卡機驅動程式

鳥毅用的是第一代的自然人憑證讀卡機,EZ100PU(後來有同事買EZmini可以讀SIM卡似乎更好),每年報稅時用一次。 本來只是要申請些政府業務,一時之間找不到光碟,沒想到在 驅動程式下載 居然看到Linux和Mac的驅動程式,剩下的就是政府單位的網頁和程式應該改版了吧!!!

DBeaver 介面語言

DBeaver是我個人頗常用的一套跨平台Database管理工具,最近升級後發現Windows版本居然變成簡體中文,而且無法切換為英文。

如何將較高版本SQL Server複製到低版本SQL Server (降級為舊版)並保留權限及資料庫圖表

一般若是要將SQL Server裡的Database轉往其他Server時,最簡單的方式就是備份(Backup)後再還原(Restore),或者是䣃離(detach)後附加(attach)。 但是很不幸地,若是由較低版本(e.g. 2008)到較高版本(e.g. 2012)要怎麼辦呢?