
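DotNetNuke 4.3.3 Active Directory Integrated Authentication

After a full day of work, I finally got Windows Authentication, that is, Active Directory integrated authentication, working on DotNetNuke 4.3.3.

Following david@newcovenant.com's instructions in Project :: Active Directory, I ran into a problem at step 17 because I had also uncommented <impersonate="true">. That line must not be enabled, otherwise SQL Express cannot be used.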

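Next, an error appeared at step 21. The cause was that the Name data had not been read for the AD account, so its value was Null. The source code has to be patched as follows:
First download DotNetNuke_4.3.3_Source.zip and extract it.
In Library\Controls\DataGrids\TextColumnTemplate.vb, change line 182
itemValue = DataBinder.Eval(container.DataItem, DataField).ToString()
to the following 4 lines
Try
    itemValue = DataBinder.Eval(container.DataItem, DataField).ToString()
Catch
    itemValue = Null.NullString
End Try

Then recompile and it works.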


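It seems the maturity of open source projects on .NET is still too low: there is no killer app like Xoops or JBoss, and too few people are taking part.

Finally, here are David's 27 steps: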
1. For a fresh install, just go to the next step. If it's an upgrade, follow Tam Tran's instructions about the database entry, and the file deletion post above. Ignore the rest.
2. In IIS, open Properties on the web site or Virtual Directory > Directory Security tab > Edit button. Uncheck "Anonymous access" and "OK" your way out.
3. In Web.config, comment OUT the Windows Authentication block. Uncomment the Forms Authentication block.
4. Uncomment the "Authentication" item under "httpModules."
5. Log in with admin account.
6. Go to Admin > Authentication.
7. Check "Windows Authentication?"
8. Check "Synchronize Role?" if you want AD groups sync'ed. (Don't ask me if this doesn't work. Report it as a bug to Tam Tran.)
9. Leave "Provider:" at the default. There's normally only one choice, anyway.
10. Choose "Authentication Type." "Delegation" is a good choice in most cases.
11. "Root Domain:" If you want to authenticate and get groups from the Root forest, then leave this blank. Otherwise, enter the LDAP path to your desired AD tree. Use this format: "LDAP://dc=com,dc=this,dc=that." Using "LDAP://" in the entry overcomes a bug that exists.
12. In most circumstances, you can leave "User Name" and "Password" and "Confirm Password" blank. These are supposed to be for an account that has "Read" access to the active directory. In most cases, EVERY account has read access. So leaving these blank will cause DNN to use your domain account to read the directory.
13. Click "Update." You will get an error message at the next screen. That's OK. Your entries just went into the ModuleSettings table of the database.
14. Log out, and close the browser.
15. Open Web.config, and uncomment the Windows Authentication block. Comment OUT the Forms Authentication block.
16. Save web.config.
17. Open a browser and point it at the site. You should see that the "Login" link says "Logout." This indicates that you were automatically logged in using your AD account. You won't be able to do anything here but browse public pages. But in the background, a user account was created for you, like "domain\username."
18. Close the browser.
19. Open web.config. Disable Windows Authentication and enable Forms Authentication. Save web.config.
20. Open a browser and point it at the site. Log in as Admin.
21. Go to Admin > User Accounts. Click the "all" link. You should see your "domain\username" account in the list.
22. Click the pencil next to that account.
23. Click "Manage Roles for this User."
24. Add this user account to the "Administrators" Role.
25. Log out, and close the browser.
26. Open web.config. Last time, I promise. Enable Windows Authentication and disable Forms Authentication. Save web.config.
27. Open a browser and point it at the site. Now you should not only see "Logout" at the Login link, but you should also be able to use the "Admin" menu.
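
A check that can be run on web.config after step 26, as an added example that is not part of the original post or of David's instructions: it confirms that only the Windows authentication block is active and that the identity impersonation line is still commented out. The two sample files, the forms cookie name and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the state expected after step 26.
SAMPLE_FINAL = """<configuration>
  <system.web>
    <!-- <identity impersonate="true" /> -->
    <authentication mode="Windows" />
    <!-- <authentication mode="Forms"><forms name=".SAMPLE" /></authentication> -->
  </system.web>
</configuration>"""

# Constructed sample: Forms block left active and <identity> uncommented.
SAMPLE_WRONG = """<configuration>
  <system.web>
    <identity impersonate="true" />
    <authentication mode="Windows" />
    <authentication mode="Forms"><forms name=".SAMPLE" /></authentication>
  </system.web>
</configuration>"""


def local_name(tag):
    # Drop an XML namespace prefix such as {http://...}authentication.
    return tag.rsplit("}", 1)[-1]


def audit_web_config(xml_text):
    """Return (active_modes, impersonating, findings) for a web.config string."""
    # The default ElementTree parser discards comments, so only blocks that
    # are really uncommented are counted.
    root = ET.fromstring(xml_text)
    modes, impersonating = [], False
    for el in root.iter():
        name = local_name(el.tag)
        if name == "authentication":
            modes.append(el.get("mode", ""))
        elif name == "identity":
            if el.get("impersonate", "false").lower() == "true":
                impersonating = True
    findings = []
    if modes != ["Windows"]:
        findings.append("expected only mode=Windows active, found %s" % modes)
    if impersonating:
        findings.append("identity impersonate=true is active")
    return modes, impersonating, findings


if __name__ == "__main__":
    for label, text in (("final", SAMPLE_FINAL), ("wrong", SAMPLE_WRONG)):
        print(label, audit_web_config(text))
```
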
