
LDAP Authentication #168


mpm created

Halil,

I'm not certain I fully understand how to enable LDAP integration. I've enabled LDAP in the CoreModule.cs as follows:

//Enable this line to create a multi-tenant application.
//Configuration.MultiTenancy.IsEnabled = true;

//Enable LDAP authentication (It can be enabled only if MultiTenancy is disabled!)
Configuration.Modules.ZeroLdap().Enable(typeof(AppLdapAuthenticationSource));

I'm not sure of the next steps? Do I need to drop in a LdapSettingProvider and LdapSettings class, then call Configuration.Settings.Providers.Add<LdapSettingProvider>?

Are changes needed in the AccountController to support LDAP?

Thanks for your assistance, MPM


9 Answer(s)
  • hikalkan created
    Support Team

    No, that's all. Run the application, login and open settings page, you will see LDAP settings. It's completely integrated to the system. See TenantSettingsAppService to know how to get/set LDAP settings.

  • hikalkan created
    Support Team

    BTW, LDAP automatically works without configuration if you are in a domain and application has no restriction. Just try to enter with your LDAP user if you are in a domain.

  • hikalkan created
    Support Team

    Hi again,

    Sorry, I forgot to say that "you should enable it on the Settings page". See screenshot below:

    [Screenshot: ldap-settings.png]

    Then you will be able to login with your LDAP (Active Directory) user name and password.

  • clientfocusdev created

    When you say "application has no restriction", do you mean there is some setup to allow some defaults to work within the AD configurations?

    I have everything set up now, LDAP is enabled (MT disabled, admin logs in correctly), but when logging into the application with an LDAP account it simply errors with either an internal error or invalid credentials. Does the AD account need to create its own user in the Iteration Zero project, or are there changes in the Zero Localization files to accommodate AD containers, domains and admin users' rights?

  • hikalkan created
    Support Team

    Hi,

    Can you share the exact logged error message (in the Logs folder of the web project)? Did you enter the domain, user and password on the settings page? It may be because your domain user has no permission to query user/password information. You may ask your system administrator.

    Actually, the LDAP authentication check code is very simple. You can see it at https://github.com/aspnetboilerplate/module-zero/blob/master/src/Abp.Zero.Ldap/Ldap/Authentication/LdapAuthenticationSource.cs#L42

    It simply creates a PrincipalContext and uses ValidateCredentials. You can create a simple console app and try it natively.
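
The console check described in the post above, written out as an added example (not part of the thread and not the module's own code): it builds a PrincipalContext for the domain and calls ValidateCredentials, reporting an unreachable or misnamed domain separately from rejected credentials. The names LdapCheck and ReadPassword are hypothetical; it assumes a Windows machine and a reference to System.DirectoryServices.AccountManagement.

```csharp
// Added example (assumed names); needs System.DirectoryServices.AccountManagement.
using System;
using System.DirectoryServices.AccountManagement;
using System.Text;

internal static class LdapCheck
{
    private static int Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: LdapCheck <domain> <userName>");
            return 2;
        }
        string domain = args[0], userName = args[1];
        string password = ReadPassword("Password: "); // never taken from argv
        try
        {
            using (var context = new PrincipalContext(ContextType.Domain, domain))
            {
                // Explicit options: Kerberos/NTLM bind with signing and sealing.
                bool ok = context.ValidateCredentials(userName, password,
                    ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing);
                Console.WriteLine(ok ? "Credentials accepted." : "Credentials rejected.");
                return ok ? 0 : 1;
            }
        }
        catch (PrincipalServerDownException ex)
        {
            // Domain name wrong or no domain controller reachable:
            // a configuration problem, not a bad password.
            Console.Error.WriteLine("Cannot contact domain '" + domain + "': " + ex.Message);
            return 3;
        }
    }

    private static string ReadPassword(string prompt)
    {
        Console.Write(prompt);
        var buffer = new StringBuilder();
        ConsoleKeyInfo key;
        while ((key = Console.ReadKey(intercept: true)).Key != ConsoleKey.Enter)
        {
            if (key.Key == ConsoleKey.Backspace) { if (buffer.Length > 0) buffer.Length--; }
            else if (!char.IsControl(key.KeyChar)) buffer.Append(key.KeyChar);
        }
        Console.WriteLine();
        return buffer.ToString();
    }
}
```

Running it under the same Windows account as the web application's application pool reproduces the identity the application connects to the directory with.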

  • clientfocusdev created

    ERROR 2015-06-23 13:09:49,494 [292  ] .Mvc.Controllers.AbpHandleErrorAttribute - System.Data.Entity.Validation.DbEntityValidationException: Validation failed for one or more entities. See 'EntityValidationErrors' property for more details.

    **EDIT

    This error is with LDAP working, but something else is wrong. I tested with incorrect domain information and got a different error, then with incorrect user information and got a login invalid error. It seems to be working correctly but after it authenticates this error comes up.

    I think I have found out the issue here. I will let you know if I found a fix, thanks.

  • hikalkan created
    Support Team

    Hi,

    If you can get to the EntityValidationErrors, it can help you understand the problem better. For that, please check this post: https://github.com/aspnetboilerplate/aspnetboilerplate/issues/62#issuecomment-54001552 Then add a breakpoint in the HandleEvent method. When the error occurs, this method will handle the exception and you can see all details of the exception while debugging.

  • mpm created

    hikalkan: No, that's all. Run the application, login and open settings page, you will see LDAP settings. It's completely integrated to the system. See TenantSettingsAppService to know how to get/set LDAP settings.

    That worked perfectly, thank you.

  • alukaszewski created

    I'm also trying to get LDAP authentication working, but getting 'an internal error occured during your request' when I enter a valid domain username password.

    Also, I have some questions that are not answered in documentation:

    1. Do I need to configure user accounts within the admin console in advance?
    2. What format should the username be entered in? DOMAIN\Username, [email protected] ?
    3. How do I govern what pages an LDAP-authenticated user can access?
    4. What IIS authentication settings should be enabled if I use LDAP within Zero? Anonymous? Windows Auth? Both/None?

    Thanks, Andy