Inedo Community Forums Forums
    • Recent
    • Tags
    • Popular
    • Login

    Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

    If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

    ProGet multiple domain integrated authentication

    Scheduled Pinned Locked Moved Support
    3 Posts 2 Posters 14 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R Offline
      ryan.dick_9361
      last edited by

      Hello,

      I am testing using ProGet 5.2 trial using the Active Directory with Multiple Domains option. We are trying to get this to work with not only the domain the ProGet server is hosted on (Domain A users), but also to allow authentication with a 2nd domain (domain B users). There is a two way trust between these domains.

      The setup looks good... I can assign privileges from users in both domains. The problem seems to be integrated authentication but only for domain B users. Domain A users integrated authentication works perfectly. Domain B users the page says "You are browsing as the anonymous user, therefore certain functionality may be missing. Click the User Icon in the top right to log in."

      The thing is if I go click the user icon and try to log in using domain B user's credentials it logs in just fine. So authentication works, just not integrated authentication.

      In IIS only Window's authentication is enabled. Anonymous / forms is disabled. I've also verified Internet Explorer security settings to make sure the page is being seen as local intranet zone to allow integrated authentication, and not going through a proxy.

      I found another post that talked about a /debug/integrated-auth page. When I navigate to this page, for both Domain A and Domain B users I see that it shows integratedauthenabled = true, LOGON_USER has the correct logged on user. I can also see that it is reporting "user found" for both domain a and domain b user accounts. The difference is for Domain B user's HttpContext.User.Identity.IsAuthenticated = false.

      I was curious if anyone had any more troubleshooting tips for this situation?

      Thanks,
      Ryan

      1 Reply Last reply Reply Quote 0
      • atrippA Offline
        atripp inedo-engineer
        last edited by

        hi Ryan,

        Can you try Active Directory (New)? The Active Directory with Multiple Domains will be deprecated in 5.3, and the code behind the scenes is totally different anyways. So, it might behave differently.

        Regardless, based on what you wrote, it seems to be a problem of NETBIOS mapping.

        Basically, the LOGON_USER string contains DOMAIN\username, and ProGet needs map DOMAIN to the actual domain. Sometimes the automatic querying doesn't work (permissions, not configured on domain, etc), so you can specify it in an advance property in the Active Directory (New) provider.

        So please try this if it doesn't work once switching to Active Directory (New).

        1 Reply Last reply Reply Quote 0
        • R Offline
          ryan.dick_9361
          last edited by

          I had phrased that wrong. It should have been said that I'm trying to get multiple domains working using the Active Directory (New) directory.

          I found the NetBIOS name mapping settings and this resolved my issue. Thanks for the help!

          Ryan

          1 Reply Last reply Reply Quote 0

          Hello! It looks like you're interested in this conversation, but you don't have an account yet.

          Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

          With your input, this post could be even better 💗

          Register Login
          • 1 / 1
          • First post
            Last post
          Inedo Website Home • Support Home • Code of Conduct • Forums Guide • Documentation