|
|
Rank: Administration
Joined: 8/3/2007 Posts: 1,993 Location: Fort Atkinson, WI
|
You can configure Gallery Server Pro to use your existing accounts in Active Directory. This allows your users to log in with the same username and password they use to access the network, reducing account duplication and maintenance issues while offering better security. Accounts can be added to roles just like with a regular installation. Step by step instructions are in the Admin Guide in the section Integrate Gallery Server Pro with Active Directory.
Roger Martin Creator and Lead Developer of Gallery Server Pro
|
|
Rank: Member
Joined: 10/29/2008 Posts: 8 Location: Shanghai
|
I installed Pro 2.1 on W2K3 with a local SQL 2K server.
Pro 2.1 works fine with SQL2K and when I tried to modify web.cofig following above steps to access the Active Directory, error show up as:
syntax error at line 141 at the C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config, cannot find connectionstring "LocalSqlServer".
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
Is that related to the use of SQL Server? SQL is now in mixed mode and I have defined sa passwords during the setup.
|
|
Rank: Administration
Joined: 8/3/2007 Posts: 1,993 Location: Fort Atkinson, WI
|
It looks like you didn't comment out the SQL Membership provider. Review the steps above to see how to do this (it's near the beginning).
Roger Martin Creator and Lead Developer of Gallery Server Pro
|
|
Rank: Member
Joined: 10/29/2008 Posts: 8 Location: Shanghai
|
On the contrary, it seems the above error happened after I have commented out the <membership defaultProvider="SqlMembershipProvider"> section. If the <membership defaultProvider="AspNetActiveDirectoryMembershipProvider"> section was added without commenting the defaultProvider="SqlMembershipProvider" section, the error shown was the repeating error of defaultProvider="AspNetActiveDirectoryMembershipProvider">
I tried to run the installer again using sa passwords and explicit IP addresses for SQL server, it runs well at default installation. However I cannot get through the web.config once editing the membership section for AD membership.
I'm now using the web_sqlserver_3.5.config as the installation template for web.config. The W2k3 server runs on .Net3.5 SP1.
Appreciate if any more clues can be provided.
|
|
Rank: Administration
Joined: 8/3/2007 Posts: 1,993 Location: Fort Atkinson, WI
|
Why do you have a provider named AspNetSqlMembershipProvider? Seems to me you should only have one membership provider specified in web.config, and it should be named AspNetActiveDirectoryMembershipProvider.
Roger Martin Creator and Lead Developer of Gallery Server Pro
|
|
Rank: Member
Joined: 10/29/2008 Posts: 8 Location: Shanghai
|
Looks like AspNetSqlMembershipProvider comes default in machine.config. The machine.config shown was located in the .NET Framework2.0 folder (C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config). There was no such membership providers in the web.config.
|
|
Rank: Administration
Joined: 8/3/2007 Posts: 1,993 Location: Fort Atkinson, WI
|
Oh, I see. Add a <clear /> to the membership section so that it is not inherited from the parent config file. I edited the original topic to include it, so refer to it to see how it is done.
Roger Martin Creator and Lead Developer of Gallery Server Pro
|
|
Rank: Member
Joined: 10/29/2008 Posts: 8 Location: Shanghai
|
Thank you, <clear/> solves the error.
Now I am stucked at the AspNetActiveDirectoryMembershipProvider line. How can I determine the correct version number of the webserver? I tried 2.0.0.0 and 2.0.3600.0 and don't know if the version number is giving the error.
|
|
Rank: Administration
Joined: 8/3/2007 Posts: 1,993 Location: Fort Atkinson, WI
|
I am sorry, but I don't know the answer to that. You'll have to google around.
Roger Martin Creator and Lead Developer of Gallery Server Pro
|
|
Rank: Advanced Member
Joined: 8/6/2007 Posts: 109 Location: England
|
|
|
Rank: Member
Joined: 10/29/2008 Posts: 8 Location: Shanghai
|
Thank you Sam, Actually I tried 2.0.50727.0 or 2.0.5072.7 but error remains the same as using 2.0.0.0 etc. It looks like this section only accepts version number in x.x.x.x format such that the numbers shown on the properties of ASP.net 2.050727 will not work directly as the version number.
This is exactly the the line in the membership defaultProvider section <add name="AspNetActiveDirectoryMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web,Version=2.0.0.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnection" enableSearchMethods="true" connectionUsername="helpdesk@mydomain.com connectionPassword="password"/>
The webserver (not a member in the domain) has full network access rights to the domain controller and the username and password should be working over drive mapping test.
This is what is added section in <connectionStrings>
<add name="ADConnection" connectionString="LDAP://10.8.0.14/CN=users,DC=mydomain.com,DC=MYDOMAIN,DC=com"/>
The LDAP for the domain controller should be working well as I have other LDAP clients accessing the Windows 2K3 Domain user database over LDAP.
Error show was at the line in <add name="AspNetActiveDirectoryMembershipProvider"...
Any suggestion appreciated.
|
|
Rank: Member
Joined: 10/29/2008 Posts: 8 Location: Shanghai
|
I noticed the version number was also shown on the bottom the debug page as 2.0.50727.3053 (although 3053 was not shown in the properies of the website).
I put in this version number and error remain the same. (I assume this version number is right)
If I removed the "connectionUsername=..." section, the debug page will show unable to establish secure sever connection.
|
|
Rank: Administration
Joined: 8/3/2007 Posts: 1,993 Location: Fort Atkinson, WI
|
I opened Win Explorer on my Win Server 2008 machine (.NET 3.5 SP1) and navigated to C:\Windows\assembly\ to take a look at System.Web.dll. There it is reported to have version 2.0.0.0. I would expect - but am not sure - that you want to make sure web.config matches this number. You will also see the PublicKeyToken in this directory, so make sure that matches as well.
Perhaps you have another issue altogether. If you provide the error message we'll try to give you a hand.
Roger Martin Creator and Lead Developer of Gallery Server Pro
|
|
Rank: Member
Joined: 10/29/2008 Posts: 8 Location: Shanghai
|
Thank you very much Roger. The System.Web.dll showed the same token and version 2.0.0.0.
If the password username and password were right, the only error message shown was server returned a reference, error at source D:\Websites\PhotoGallery\web. line 94 <add name="AspNetActiveDirectoryMembershipProvider...
An interesting thing is that when I enter a wrong user password, it will return error saying "unable to establish secure server connection"
Looks like the authentication did happened the Active Directory Level.
|
|
Rank: Administration
Joined: 8/3/2007 Posts: 1,993 Location: Fort Atkinson, WI
|
Please provide the full text of the error message, including the call stack (stack trace) if shown. I can't google for help based on what you provided.
I agree that it looks like AD is authenticating, so you are making progress...
Roger Martin Creator and Lead Developer of Gallery Server Pro
|
|
Rank: Member
Joined: 10/29/2008 Posts: 8 Location: Shanghai
|
Hope this will provide some clues
When password is right:
Configuration Error Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: A referral was returned from the server.
Source Error:
Line 92: <providers> Line 93: <clear/> Line 94: <add name="AspNetActiveDirectoryMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web,Version=2.0.0.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnection" enableSearchMethods="true" connectionUsername="helpdesk@mydomain.com" connectionPassword="********"/> Line 95: </providers> Line 96: </membership>
Source File: D:\Websites\PhotoGallery\web.config Line: 94
Version Information: Microsoft .NET Framework Version:2.0.50727.3053; ASP.NET Version:2.0.50727.3053
|
|
Rank: Member
Joined: 10/29/2008 Posts: 8 Location: Shanghai
|
This is the error when I the password was wrong Configuration Error Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: Unable to establish secure connection with the server
Source Error:
Line 92: <providers> Line 93: <clear/> Line 94: <add name="AspNetActiveDirectoryMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web,Version=2.0.0.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnection" enableSearchMethods="true" connectionUsername="helpdesk@mydomain.com" connectionPassword="**wrong**"/> Line 95: </providers> Line 96: </membership>
Source File: D:\Websites\PhotoGallery\web.config Line: 94
Version Information: Microsoft .NET Framework Version:2.0.50727.3053; ASP.NET Version:2.0.50727.3053
|
|
Rank: Administration
Joined: 8/3/2007 Posts: 1,993 Location: Fort Atkinson, WI
|
There are a lot of Google hits on that error. This one says the AD connection string may be incorrect. You didn't provide your connection string, so I can't tell if it is right. Even if you did provide it, I still might not be able to tell if it is correct, since I don't know your network. You might try putting together a little .vbs script to test your connection string, or do some other test to verify the string. That will narrow down the cause between GSP and your connection string. You also might review the Google hits on that error. I only looked at the first few...
Roger Martin Creator and Lead Developer of Gallery Server Pro
|
|
Rank: Member
Joined: 10/29/2008 Posts: 8 Location: Shanghai
|
Great thanks!! You are absolutely right about the connection string being incorrect. The Windows domain name I was using was seperated by two dots.
Domain name: mydomain.com.cn DC server name: myserver Domain controller IP: 10.8.0.14
So instead of this LDAP://10.8.0.14/CN=Users,DC=mydomain.com.cn,DC=myserver,DC=COM"/
become the working string like this
LDAP://10.8.0.14/CN=Users,DC=mydomain,DC=COM,DC=CN"/
By the way the GSP server is not a member server in the domain.
Now I'll proceed with assigning user roles. Appreciate you help again!
|
|
Rank: Newbie
Joined: 12/3/2008 Posts: 1 Location: Kansas City
|
Thanks for all that you've done with this product. Has anyone had any luck integrating this into an AD structure with a parent + subdomain structure? Or is there a way to authenticate through the top-most domain down through the child?
|
|
|
Guest |