Configuring Active Directory Membership

Saturday, October 5, 2013

Code On Time web application generator allows using Microsoft Active Directory for authentication and role membership.

Configuring Active Directory Authentication

Create a new Web Site Factory application. When configuring the Authentication and Membership screen, click the checkbox next to “Enable Active Directory authentication…”. The Active Directory Configuration textbox will be displayed below the checkbox with a sample configuration.

Enabling Active Directory authentication and role provider and specifying the configuration properties.

Replace the highlighted values in the picture above with the address of the server and login details of the administrative account that will be used for interaction with the Active Directory.

An example of an actual Active Directory configuration.

Specify the type of the store to which the principal belongs (ApplicationDirectory, Domain, or Machine) by adding the “Context Type = [Type]” line. If not specified, a context type of Machine will be assumed.

Additional Active Directory Membership Provider configuration properties may also be specified in the format “Property Name = Value”.

Continue to generate the web application. You may now log in using your AD credentials. Note that the first login may take some time to complete. A dynamic wait indicator will be displayed as the request is being processed.

Logging into the web app using AD credentials.

User Roles

Interactions with the Active Directory may be time-consuming. The application will cache roles obtained from the Active Directory for 10 minutes by default.

You can also specify a custom blacklist and whitelist to limit the roles that are recognized by the application.

The following configuration properties control role management.

| Property | Description | Default Value |
| --- | --- | --- |
| Enable Role Cache | This property will enable or disable caching of user roles. | True |
| Role Cache Time In Minutes | This property specifies the length of expiration for cached user roles. | 10 |
| Role Blacklist | Specifies an optional list of roles that will not be recognized by the application. | |
| Role Whitelist | Specifies an optional list of roles. The application will recognize only the roles listed in the whitelist if this list is not empty. | |

The properties can be specified in the Active Directory configuration as shown in the picture below:

Example of role configuration properties.

The following Active Directory roles assigned to user accounts are blacklisted by default. The property Role Blacklist will extend the default exceptions.

Domain Guests
Domain Computers
Group Policy Creator Owners
Guests
Domain Users
Pre-Windows 2000 Compatible Access
Exchange Domain Servers
Schema Admins
Enterprise Admins
Domain Admins
Cert Publishers
Backup Operators
WINS Users
DnsAdmins
DnsUpdateProxy
DHCP Users
DHCP Administrators
Exchange Services
Exchange Enterprise Servers
Remote Desktop Users
Network Configuration Operators
Incoming Forest Trust Builders
Performance Monitor Users
Performance Log Users
Windows Authorization Access Group
Terminal Server License Servers
Distributed COM Users
MTS Impersonators
Everyone
LOCAL
Authenticated Users
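
How the Role Blacklist and Role Whitelist properties combine with the default blacklist can be sketched as follows. This is an added example, not Code On Time's own code: the comma-separated list format, the rule that the blacklist takes precedence over the whitelist, and the names RoleFilterDemo, ParseConfig, ParseList and RecognizedRoles are assumptions, and the group names and configuration text are constructed samples.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added illustration of the filtering rules, not the generated application's code.
static class RoleFilterDemo
{
    // Subset of the default blacklist listed on this page.
    static readonly string[] DefaultBlacklist =
        { "Domain Users", "Domain Admins", "Enterprise Admins", "Schema Admins", "Everyone", "Authenticated Users" };
    // Parses "Property Name = Value" lines; property names are matched case-insensitively.
    static Dictionary<string, string> ParseConfig(string text)
    {
        var props = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        foreach (var line in text.Split('\n'))
        {
            int eq = line.IndexOf('=');   // split on the first '=' only
            if (eq > 0) props[line.Substring(0, eq).Trim()] = line.Substring(eq + 1).Trim();
        }
        return props;
    }
    // Assumption: list-valued properties are comma-separated.
    static HashSet<string> ParseList(Dictionary<string, string> props, string name)
    {
        string value; props.TryGetValue(name, out value);
        return new HashSet<string>(
            (value ?? "").Split(',').Select(r => r.Trim()).Where(r => r.Length > 0),
            StringComparer.OrdinalIgnoreCase);
    }
    // Assumption: the blacklist wins, so whitelisting a blacklisted role has no effect.
    static List<string> RecognizedRoles(IEnumerable<string> adGroups, string configText)
    {
        var props = ParseConfig(configText);
        var blacklist = ParseList(props, "Role Blacklist");
        blacklist.UnionWith(DefaultBlacklist);          // custom entries extend the defaults
        var whitelist = ParseList(props, "Role Whitelist");
        return adGroups
            .Where(g => !blacklist.Contains(g))
            .Where(g => whitelist.Count == 0 || whitelist.Contains(g)) // empty whitelist = no restriction
            .ToList();
    }
    static void Main()
    {
        // Constructed sample: groups returned for a user and role properties from the configuration.
        var groups = new[] { "Domain Users", "Domain Admins", "Sales", "HR", "Contractors" };
        string config = "Role Blacklist = Contractors\nRole Whitelist = Sales, HR, Domain Admins";
        Console.WriteLine(string.Join(", ", RecognizedRoles(groups, config)));
    }
}
```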