Forms authentication from AD
Sense/Net 6.0 provides a way to authenticate users against an Active Directory even when using Forms authentication (instead of Windows Integrated authentication). This means that when a portal user logs in with Forms authentication, his/her password is checked against the user's password set in an Active Directory server and not against the one given on the portal.
The settings for forms authentication from AD can be found in the sensenet/formsAuthenticationFromAD section of the web.config. Below you can see a fully featured skeleton of the sensenet/formsAuthenticationFromAD section of the web.config:
<sensenet>
  <formsAuthenticationFromAD>
    <authSettings>
      <authSetting domain="" adServer="" virtualADUser="" customLoginProperty="" customADAdminAccountName="" customADAdminAccountPwd="" />
    </authSettings>
  </formsAuthenticationFromAD>
</sensenet>
You will also have to enable the DirectoryProvider in the appSettings section of the web.config:
<add key="DirectoryProvider" value="SenseNet.DirectoryServices.ADProvider" />
The following settings can be customized with the <authSetting> node:
- domain: the domain to be used with AD authentication.
- adServer: address of the Active Directory server.
- virtualADUser: when this attribute is set to true, AD users do not need to be synced to the portal in order to log in. When an AD user logs in to the portal, a special user is loaded (/Root/IMS/BuiltIn/Portal/VirtualADUser) and the user's properties are synced instantaneously in memory, but no user is created on the portal (optional).
- customLoginProperty: set it to the custom AD property used for authentication instead of login name (for example email) (optional).
- customADAdminAccountName: the user that has sufficient rights to retrieve information from AD (optional).
- customADAdminAccountPwd: password of the previously defined customADAdminAccountName user (optional).
The following XML is a simple example of setting up forms authentication from AD for a specific domain:
<sensenet>
  <formsAuthenticationFromAD>
    <authSettings>
      <authSetting domain="NATIV" adServer="192.168.0.75" />
    </authSettings>
  </formsAuthenticationFromAD>
</sensenet>
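As an added example (not part of the Sense/Net documentation or code base), the following Python script checks a web.config against the settings described on this page. The function name audit_web_config, the sample configuration, and the treatment of domain and adServer as required are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Attributes documented for <authSetting> on this page.
KNOWN = {"domain", "adServer", "virtualADUser", "customLoginProperty",
         "customADAdminAccountName", "customADAdminAccountPwd"}
AD_PROVIDER = "SenseNet.DirectoryServices.ADProvider"

def audit_web_config(xml_text):
    """Return a list of findings for the forms-authentication-from-AD settings."""
    root = ET.fromstring(xml_text)
    findings = []
    # The DirectoryProvider key must be enabled for AD authentication to work.
    providers = [a.get("value") for a in root.iter("add")
                 if a.get("key") == "DirectoryProvider"]
    if AD_PROVIDER not in providers:
        findings.append("DirectoryProvider is not set to " + AD_PROVIDER)
    settings = root.findall(".//formsAuthenticationFromAD/authSettings/authSetting")
    if not settings:
        findings.append("no <authSetting> entries found")
    for s in settings:
        name = s.get("domain") or "(no domain)"
        for attr in sorted(set(s.attrib) - KNOWN):  # typos, wrong letter case
            findings.append(f"{name}: unknown attribute '{attr}'")
        # Assumption: domain and adServer are required (the page does not mark them optional).
        for attr in ("domain", "adServer"):
            if not s.get(attr):
                findings.append(f"{name}: '{attr}' is empty or missing")
        acct, pwd = s.get("customADAdminAccountName"), s.get("customADAdminAccountPwd")
        # Assumption: the password is only meaningful together with the account name.
        if bool(acct) != bool(pwd):
            findings.append(f"{name}: admin account name and password should be set together")
        if pwd:
            findings.append(f"{name}: AD account password is stored in clear text "
                            "in web.config; restrict read access to the file")
    return findings

# Constructed sample input (not taken from a real deployment).
SAMPLE = """<configuration>
  <appSettings>
    <add key="DirectoryProvider" value="SenseNet.DirectoryServices.ADProvider" />
  </appSettings>
  <sensenet><formsAuthenticationFromAD><authSettings>
    <authSetting domain="NATIV" adServer="192.168.0.75" />
    <authSetting domain="EXAMPLE" adServer="" adserver="dc.example.test"
                 customADAdminAccountName="svc-read" customADAdminAccountPwd="changeme" />
  </authSettings></formsAuthenticationFromAD></sensenet>
</configuration>"""

if __name__ == "__main__":
    print("\n".join(audit_web_config(SAMPLE)))
```

XML attribute names are case-sensitive, so the misspelled adserver in the second sample entry is reported as unknown while the real adServer is reported as empty.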