Active Directory

Topics: Core, Customizing Orchard
Oct 5, 2014 at 3:38 PM
Hi, I am a consultant trying to implement Orchard in an Intranet environment. I have seen a few threads about Active Directory, but unfortunately, none have lead to a solution to an issue that I have. That is to have a connection with Active Directory for the users en groups. By the looks of it, the ActiveDirectory implementation of Moov does everything I need it to do, however I cannot get it to work with Orchard 1.8.1, the Aristotlenet version does work for me but lacks a function and that is to automatically log people on, based on their windows credentials and sync the groups effectively.

Is there any chance in the near future that Orchard gets an Active Directory module out of the box? Every Intranet admin/consultant would like to have that.

The AD module by Moov causes a reload of the instantiation of the custom Authorizer and Authenticationservice classes by the AutoFac module which I cannot seem to be able to fix, probably due to lack of understanding; help with that issue would also be apprieciated.

Oct 6, 2014 at 9:38 AM
An update from my side:

In the github tree there was a fork to a new version of the ActiveDirectory module that works out of the box. Peter directed me to it so in order to solve the issue download the module from here:

Marked as answer by roderikkruijt on 10/6/2014 at 2:38 AM
Nov 4, 2014 at 1:24 PM
Edited Nov 4, 2014 at 1:27 PM
Roderik, can I ask you how you got this module to work?
I'm trying to use it as well, but it's not working for me. I have followed the instructions that come with it, but when I load the site, I always get a popup asking for my credentials and when I enable anonymous authentication in IIS, I just don't get logged in. When I debug this, I see that HttpContext.Current.User.Identity.IsAuthenticated is always false and I can't figure out how. I also tried this module, I've tried creating my own version and I've tried several IIS and web.config configurations but I just can't get it work, IsAuthenticated is always false for me. I tried IISExpress and IIS7.5 on my Windows 7 x64 machine. On this machine I'm logged in on our company domain and am trying to use this account to login with Orchard.

I can get Windows Authentication to work when I create an empty non-Orchard web application with Visual Studio, just not with Orchard.
Nov 4, 2014 at 1:55 PM
Ok, I'm a bit further. Apparently it matter what URL or tenant you're using. On my dev environment I also use multiple tenants with urls such has http://customername:30322/, http://test:30322/ etc. On those tenants I still can't get it work, but on my main tenant, which has http://localhost:30322/, I did get it to work. So now I only need to figure out why it is like this, probably some kind of security matter...
Nov 4, 2014 at 2:10 PM
Hi Wallace,

I received the latest version working on 1.8.1 from the developer as mentioned and that was not so hard to make work for me. I do not have a multi tenant implementation though.

First step: I added the groups that my user is part of to the orchard installation (Domain Users), and I linked the administrative capabilities to the groups (so that i would not get locked out).
I then copied the module and went into Orchard and enabled it.
I made the changes in the web.config,
I altered the settings in IIS for the website so that only Integrated Authentication is enabled,
I finally reset IIS and retried to log on and that worked: my user name was imported and linked to the groups I defined.

I hope you can make things work!
Nov 4, 2014 at 3:09 PM
Hi Roderik,

Thanks for your fast reply. I got it working now :). It seems that this is caused by IIS on purpose, to prevent reflection attacks. I can fix the problem on my local machine by adding something to my registry.