Configuring Active Directory Authentication
Create a new Web Site Factory application. When configuring the Authentication and Membership screen, click the checkbox next to “Enable Active Directory authentication…”. The Active Directory Configuration textbox will be displayed below the checkbox with a sample configuration.
Replace the highlighted values in the sample configuration (see the accompanying screenshot) with the address of the directory server and the login details of the account that the application will use to bind to Active Directory. Because these credentials are stored with the application configuration, use a dedicated service account that has only read access to the users and groups the application looks up, rather than a domain administrator account.
Specify the type of store to which the principal belongs (ApplicationDirectory, Domain, or Machine) by adding a “Context Type = [Type]” line. If it is not specified, a context type of Machine is assumed, which authenticates against the local machine's account store rather than the domain; set it to Domain when users sign in with domain accounts.
Additional Active Directory Membership Provider configuration properties may also be specified, one per line, in the format “Property Name = Value”.
Continue to generate the web application. You may now log in using your AD credentials. Note that the first login may take some time to complete. A dynamic wait indicator will be displayed as the request is being processed.
Interactions with Active Directory can be slow, so the application caches the roles it obtains from the directory, by default for 10 minutes. Until a cached entry expires, a group membership added or removed in Active Directory is not reflected in the application, so choose the cache interval with the revocation delay you can tolerate in mind.
You can also specify a custom blacklist and whitelist to limit the roles that the application recognizes.
The following configuration properties control role management.
| Property | Description | Default |
|---|---|---|
| Enable Role Cache | Enables or disables caching of user roles. | True |
| Role Cache Time In Minutes | Number of minutes after which cached user roles expire. | 10 |
| Role Blacklist | Optional list of roles that the application will not recognize. | |
| Role Whitelist | Optional list of roles. If this list is not empty, the application recognizes only the roles listed in it. | |
These properties are entered in the Active Directory configuration textbox, one per line, in the same “Property Name = Value” form as the other settings (see the accompanying screenshot).
The following Active Directory roles assigned to user accounts are blacklisted by default. The Role Blacklist property extends this default list rather than replacing it.
Group Policy Creator Owners
Pre-Windows 2000 Compatible Access
Exchange Domain Servers
Exchange Enterprise Servers
Remote Desktop Users
Network Configuration Operators
Incoming Forest Trust Builders
Performance Monitor Users
Performance Log Users
Windows Authorization Access Group
Terminal Server License Servers
Distributed COM Users
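The following Python script is an added example, not part of this page or of the Web Site Factory code. It parses a constructed configuration block in the “Property Name = Value” form described above, applies the default blacklist, the configured Role Blacklist and the Role Whitelist to a constructed set of groups, and simulates the role cache with a fake clock so that the window in which a revoked group membership is still honoured becomes visible. It assumes, because the page does not say, that list values are comma-separated, that property names are matched case-insensitively, that a role must pass both the whitelist and the blacklist when both are set, and that a cache entry expires Role Cache Time In Minutes after it was fetched. The server address and bind-account lines from the screenshot are not reproduced.

```python
import time

# Groups the page lists as blacklisted by default.
DEFAULT_ROLE_BLACKLIST = frozenset({
    "Group Policy Creator Owners", "Pre-Windows 2000 Compatible Access",
    "Exchange Domain Servers", "Exchange Enterprise Servers",
    "Remote Desktop Users", "Network Configuration Operators",
    "Incoming Forest Trust Builders", "Performance Monitor Users",
    "Performance Log Users", "Windows Authorization Access Group",
    "Terminal Server License Servers", "Distributed COM Users",
})

# Constructed sample of the configuration textbox. Only property names the page
# documents appear; the server address and bind-account lines are left out.
SAMPLE_CONFIG = """
Context Type = Domain
Enable Role Cache = True
Role Cache Time In Minutes = 5
Role Blacklist = Backup Operators, Print Operators
Role Whitelist =
"""

def parse_config(text):
    """Parse 'Property Name = Value' lines; names are lower-cased with collapsed
    whitespace (assumption: not case-sensitive), values keep their text."""
    props = {}
    for raw in text.splitlines():
        if "=" not in raw:
            continue                      # blank or malformed line
        name, _, value = raw.partition("=")
        props[" ".join(name.split()).lower()] = value.strip()
    return props

def parse_list(value):
    """Comma-separated role list (assumed format), blanks dropped."""
    return {item.strip() for item in value.split(",") if item.strip()}

def build_role_filter(props):
    """Return a function keeping only the roles the application recognizes."""
    blacklist = DEFAULT_ROLE_BLACKLIST | parse_list(props.get("role blacklist", ""))
    whitelist = parse_list(props.get("role whitelist", ""))

    def recognized(roles):
        return {r for r in roles
                if r not in blacklist                   # default or configured blacklist
                and (not whitelist or r in whitelist)}  # whitelist applies only if non-empty
    return recognized

class RoleCache:
    """Caches a user's groups for Role Cache Time In Minutes (default 10)."""
    def __init__(self, props, clock=time.monotonic):
        self.enabled = props.get("enable role cache", "True").lower() == "true"
        self.ttl = float(props.get("role cache time in minutes", "10")) * 60
        self.clock = clock                # injectable so expiry can be simulated
        self._entries = {}

    def roles_for(self, user, fetch):
        now = self.clock()
        if self.enabled:
            entry = self._entries.get(user)
            if entry is not None and now - entry[0] < self.ttl:
                return entry[1]           # served from cache, directory not queried
        roles = fetch(user)
        if self.enabled:
            self._entries[user] = (now, roles)
        return roles

def demo():
    """Run the sample config against a constructed directory with a fake clock."""
    props = parse_config(SAMPLE_CONFIG)
    recognized = build_role_filter(props)
    directory = {"alice": {"Domain Users", "Remote Desktop Users",
                           "Backup Operators", "Sales"}}
    fetches = []

    def fetch(user):                      # stands in for the directory group lookup
        fetches.append(user)
        return frozenset(directory[user])

    now = [0.0]
    cache = RoleCache(props, clock=lambda: now[0])
    first = recognized(cache.roles_for("alice", fetch))
    directory["alice"].discard("Sales")   # membership revoked in AD
    now[0] = 4 * 60                       # inside the 5-minute TTL: still cached
    stale = recognized(cache.roles_for("alice", fetch))
    now[0] = 5 * 60 + 1                   # TTL expired: directory queried again
    fresh = recognized(cache.roles_for("alice", fetch))
    return {"context_type": props["context type"], "first": first, "stale": stale,
            "fresh": fresh, "directory_fetches": len(fetches)}

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the script shows “Remote Desktop Users” dropped by the default blacklist, “Backup Operators” dropped by the configured Role Blacklist, and “Sales” still reported four minutes after it was removed in the directory; only after the five-minute interval does the second directory query return the corrected set. That stale window is the cost of the cache and is what the Role Cache Time In Minutes setting trades against directory load.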