Overview
‘AD-Pro Authentication’ is the most powerful Active Directory authentication provider for DNN Platform.
Leverage the power of Windows Active Directory by integrating it with DNN, so that your users can seamlessly log in to DNN Platform with their AD credentials.
Ideal for corporate intranets, Internet sites, secure extranets, schools, colleges, and universities.
Requirements
The following prerequisites apply before moving forward:
- Basic knowledge of DNN Platform administration
- Access to the DNN installation backend
- Administrator-level access to your organization's Active Directory
- Knowledge of IIS (Internet Information Services)
- Web browser access
- Login credentials for the DNN instance and AD environment
- DNN Platform v9.8+
- .NET Framework 4.7.2+
- ASP.NET Full Trust levels
Getting Started
Before configuring AD-Pro Authentication, ensure that your DNN platform is installed and accessible. You should also confirm that Active Directory is properly configured and reachable from the web server hosting DNN. Familiarity with IIS and AD structure will significantly ease the setup process.
Comprehensive Guide to AD-Pro Authentication for DNN
1.2. Security concepts
The ‘AD-Pro Authentication’ plugin connects your DNN website with Active Directory through two protocols:
- LDAP (Lightweight Directory Access Protocol), which uses port 389.
- LDAPS, also known as LDAP over TLS. It can also use the SSL protocol, but SSL is now obsolete. Certificates are used to establish the encrypted connection. By default, the following ports need to be opened: 636, 2889.
1.3. Before you start
- Make all backups, including the DNN database and file system.
- If “AD-Pro Authentication v2” (the previous version of this module) exists, remove it. The previous version isn’t compatible with v3 and can’t be upgraded.
- If "DotNetNuke Auth: Active Directory" exists in DNN Platform, disable that extension, then comment out or remove the following code snippet from the web.config file:

    <location path="DesktopModules/AuthenticationServices/ActiveDirectory/WindowsSignin.aspx">
      <!-- Disable Forms Authentication -->
      <formsAuthenticationWrapper enabled="false" />
      <system.webServer>
        <security>
          <!-- Enable IIS Windows authentication for the login page -->
          <authentication>
            <windowsAuthentication enabled="true" useKernelMode="false">
              <providers>
                <clear/>
                <add value="NTLM"/>
              </providers>
            </windowsAuthentication>
            <anonymousAuthentication enabled="false" />
          </authentication>
        </security>
      </system.webServer>
    </location>
1.5. Changes made during the module installation process
During module installation, the following modifications are made automatically:
- In the DNN database, the table GS_ADProAuth_Settings is created.
- In the DNN file system, the folder GS_ADProAuthentication is added under DesktopModules.
- In the web.config file, under the node <configuration><configSections>:

    <section name="formsAuthenticationWrapper" type="Mvolo.Modules.FormsAuthConfigurationSection" />

- In the web.config file, under the node <system.webServer><modules>:

    <remove name="FormsAuthentication" />
    <add name="FormsAuthentication" type="Mvolo.Modules.FormsAuthModule" />
    <add name="AdProAuthenticationModule" type="GS.ADProAuthentication.AdProAuthenticationModule, GS.ADProAuthentication" />

- In the web.config file, at the end of the configuration section, the following node is added:

    <location path="DesktopModules/GS_ADProAuthentication/WinAuthSignIn.aspx">
      <!-- Disable Forms Authentication -->
      <formsAuthenticationWrapper enabled="false" />
      <system.webServer>
        <security>
          <!-- Enable IIS Windows authentication for the login page -->
          <authentication>
            <windowsAuthentication enabled="true" useKernelMode="false">
              <providers>
                <clear />
                <add value="NTLM" />
              </providers>
            </windowsAuthentication>
            <anonymousAuthentication enabled="false" />
          </authentication>
        </security>
      </system.webServer>
    </location>
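A read-only check of the web.config state described in sections 1.3 and 1.5, as an added PowerShell example that is not part of the module or the vendor's documentation. The function name Test-AdProWebConfig and the embedded sample configuration are constructed for illustration; the element names and paths are the ones listed above, and the root `<configuration>` element is assumed to carry no XML namespace.

```powershell
# Added example (not GS/DNN code): audit web.config against sections 1.3 and 1.5.
function Test-AdProWebConfig {
    param([Parameter(Mandatory)][xml]$Config)
    $legacy = 'DesktopModules/AuthenticationServices/ActiveDirectory/WindowsSignin.aspx'
    $signIn = 'DesktopModules/GS_ADProAuthentication/WinAuthSignIn.aspx'
    $mods   = '/configuration/system.webServer/modules'
    $loc    = "/configuration/location[@path='$signIn']"
    $auth   = "$loc/system.webServer/security/authentication"
    # Check name -> XPath boolean expression that must evaluate to true.
    # XPath string comparison is case-sensitive, so paths must match the casing above.
    $checks = [ordered]@{
        'Legacy ActiveDirectory location block removed' = "not(/configuration/location[@path='$legacy'])"
        'formsAuthenticationWrapper section registered' = "boolean(/configuration/configSections/section[@name='formsAuthenticationWrapper'][@type='Mvolo.Modules.FormsAuthConfigurationSection'])"
        'FormsAuthentication module replaced'           = "boolean($mods/add[@name='FormsAuthentication'][@type='Mvolo.Modules.FormsAuthModule'])"
        'AdProAuthenticationModule registered'          = "boolean($mods/add[@name='AdProAuthenticationModule'])"
        'Forms auth disabled on sign-in page'           = "boolean($loc/formsAuthenticationWrapper[@enabled='false'])"
        'Windows auth enabled on sign-in page'          = "boolean($auth/windowsAuthentication[@enabled='true'])"
        'Anonymous auth disabled on sign-in page'       = "boolean($auth/anonymousAuthentication[@enabled='false'])"
    }
    $nav = $Config.CreateNavigator()
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Pass = [bool]$nav.Evaluate($checks[$name]) }
    }
}

# Constructed sample: v3 entries present, but the legacy location block was left in place.
[xml]$sample = @'
<configuration>
  <configSections>
    <section name="formsAuthenticationWrapper" type="Mvolo.Modules.FormsAuthConfigurationSection" />
  </configSections>
  <system.webServer><modules>
    <remove name="FormsAuthentication" />
    <add name="FormsAuthentication" type="Mvolo.Modules.FormsAuthModule" />
    <add name="AdProAuthenticationModule" type="GS.ADProAuthentication.AdProAuthenticationModule, GS.ADProAuthentication" />
  </modules></system.webServer>
  <location path="DesktopModules/AuthenticationServices/ActiveDirectory/WindowsSignin.aspx" />
  <location path="DesktopModules/GS_ADProAuthentication/WinAuthSignIn.aspx">
    <formsAuthenticationWrapper enabled="false" />
    <system.webServer><security><authentication>
      <windowsAuthentication enabled="true" useKernelMode="false" />
      <anonymousAuthentication enabled="false" />
    </authentication></security></system.webServer>
  </location>
</configuration>
'@
Test-AdProWebConfig -Config $sample | Format-Table -AutoSize
```

To audit a real site, load its file with `[xml](Get-Content -Raw <path to web.config>)` and pass the result as `-Config`; the function only reads the document and changes nothing.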
Important Notes
- This module is ideal for secure intranet environments and organizations with centralized user management.
- Ensure rescue login access is enabled in case of AD misconfiguration, to prevent being locked out of the system.