ProGet multiple domain integrated authentication
-
Hello,
I am testing using ProGet 5.2 trial using the Active Directory with Multiple Domains option. We are trying to get this to work with not only the domain the ProGet server is hosted on (Domain A users), but also to allow authentication with a 2nd domain (domain B users). There is a two way trust between these domains.
The setup looks good... I can assign privileges from users in both domains. The problem seems to be integrated authentication but only for domain B users. Domain A users integrated authentication works perfectly. For Domain B users the page says "You are browsing as the anonymous user, therefore certain functionality may be missing. Click the User Icon in the top right to log in."
The thing is if I go click the user icon and try to log in using domain B user's credentials it logs in just fine. So authentication works, just not integrated authentication.
In IIS only Windows authentication is enabled. Anonymous / forms is disabled. I've also verified Internet Explorer security settings to make sure the page is being seen as local intranet zone to allow integrated authentication, and not going through a proxy.
I found another post that talked about a /debug/integrated-auth page. When I navigate to this page, for both Domain A and Domain B users I see that it shows integratedauthenabled = true, LOGON_USER has the correct logged on user. I can also see that it is reporting "user found" for both Domain A and Domain B user accounts. The difference is that for Domain B users, HttpContext.User.Identity.IsAuthenticated = false.
I was curious if anyone had any more troubleshooting tips for this situation?
Thanks,
Ryan
-
Hi Ryan,
Can you try Active Directory (New)? The Active Directory with Multiple Domains will be deprecated in 5.3, and the code behind the scenes is totally different anyways. So, it might behave differently.
Regardless, based on what you wrote, it seems to be a problem of NETBIOS mapping.
Basically, the LOGON_USER string contains DOMAIN\username, and ProGet needs to map DOMAIN to the actual domain. Sometimes the automatic querying doesn't work (permissions, not configured on domain, etc), so you can specify it in an advanced property in the Active Directory (New) provider.
So please try this if it doesn't work once switching to Active Directory (New).
-
I had phrased that wrong. It should have been said that I'm trying to get multiple domains working using the Active Directory (New) directory.
I found the NetBIOS name mapping settings and this resolved my issue. Thanks for the help!
Ryan
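
The NetBIOS name mapping discussed in this thread, as an added Python illustration that is not ProGet's code and not from either poster: it splits a LOGON_USER value and resolves the DOMAIN part through an explicit mapping, refusing to guess when no entry exists. The `NAME=dns.domain` line format, the function names and the sample domains are assumptions made for this example; it also accepts the `user@dns.domain` form, which the thread does not cover.

```python
# Added illustration (not ProGet code): resolve the DOMAIN part of LOGON_USER
# through an explicit NetBIOS-to-DNS mapping. All names below are constructed.

# Assumed mapping format for this example: one NETBIOS=dns.domain pair per line.
SAMPLE_MAPPING = """
DOMAINA=domaina.example.local
DOMAINB=domainb.example.local
"""

def parse_mapping(text):
    """Parse NETBIOS=dns.domain lines into a dict keyed by upper-cased NetBIOS name."""
    mapping = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, dns = line.partition("=")
        if not sep or not name.strip() or not dns.strip():
            raise ValueError(f"malformed mapping line: {line!r}")
        mapping[name.strip().upper()] = dns.strip().lower()
    return mapping

def resolve_logon_user(logon_user, mapping):
    """Return (username, dns_domain), or None when the identity cannot be resolved.

    None models the outcome seen in the thread: LOGON_USER is populated,
    yet the request ends up treated as anonymous.
    """
    if "\\" in logon_user:                      # DOMAIN\username form
        netbios, _, user = logon_user.partition("\\")
        dns = mapping.get(netbios.upper())      # NetBIOS names are case-insensitive
    elif "@" in logon_user:                     # username@dns.domain form
        user, _, dns = logon_user.rpartition("@")
        # Accept only DNS domains that appear in the mapping (allow-list).
        dns = dns.lower() if dns.lower() in mapping.values() else None
    else:
        return None                             # no domain part: do not guess one
    if not user or dns is None:
        return None
    return user, dns

if __name__ == "__main__":
    mapping = parse_mapping(SAMPLE_MAPPING)
    for value in ("DOMAINA\\alice", "domainb\\ryan", "DOMAINC\\bob", "ryan"):
        print(f"{value!r:>20} -> {resolve_logon_user(value, mapping)}")
```

An unmapped NetBIOS name returns None rather than falling back to a default domain, so a user from an unlisted domain is never silently matched to a same-named account elsewhere.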