Configuring Multiple Active Directory domains
The Smartsite Active Directory Membership Provider (Smartsite.Security.Authentication.ActiveDirectoryMembershipProvider) has built-in multi-domain support. Configuration of multiple AD domains takes place in the web.config file.
To allow users from multiple AD domains to log on, a Smartsite AD membership provider needs to be configured for each of the domains. These providers will use different connection strings that must be configured in the connectionStrings section and are referenced by their name.
At runtime, the Membership Provider that is set as the defaultProvider will serve as a proxy, using the membershipMappings section to map a user to the actual provider, based on the information the user provides.
If no domain is specified when logging on (either in the format user@domain or domain\user), the default provider will be used.
Sample configuration
In this case, 2 domains are configured: DOMAIN1 and DOMAIN2. with two separate connection strings:
XML | Copy Code |
---|---|
<connectionStrings> <add name="ADCN1" connectionString="LDAP://DOMAIN1" /> <add name="ADCN2" connectionString="LDAP://DOMAIN2" /> </connectionStrings> |
2 membership providers are that will use each of the connection strings:
XML | Copy Code |
---|---|
<add applicationName="Smartsite" name="ads1" type="Smartsite.Security.Authentication.ActiveDirectoryMembershipProvider, Smartsite.Security" connectionStringName="ADCN1" connectionUsername="administrator" connectionPassword="12345" attributeMapUsername="SAMAccountName"/> <add applicationName="Smartsite" name="ads2" type="Smartsite.Security.Authentication.ActiveDirectoryMembershipProvider, Smartsite.Security" connectionStringName="ADCN2" connectionUsername="administrator" connectionPassword="12345" attributeMapUsername="SAMAccountName" /> |
Finally, a membershipMappings section is added to the Active Directory configuration section to map users logging in from the 2 domains to one of the membership providers:
XML | Copy Code |
---|---|
<Smartsite.ActiveDirectoryConfiguration> (...) <membershipMappings> <add name="mm1" domain="firstdomain.lan" providerName="ads1" /> <add name="mm2" domain="firstdomainalias.lan" providerName="ads1" /> <add name="mm3" domain="otherdomain.com" providerName="ads2" /> </membershipMappings> </Smartsite.ActiveDirectoryConfiguration> |
Finally, the default provider to one of the Active Directory providers is set using the defaultProvider attribute on the membership element:
XML | Copy Code |
---|---|
<membership defaultProvider="ads1" userIsOnlineTimeWindow="15"> |
SmartsiteAccessGroup, ManagerAccessGroup and other settings
Some Smartsite-specific settings, like SmartsiteAccessGroup and ManagerAccessGroup, are configured using the Smartsite.ActiveDirectoryConfiguration section. This section is shared between multiple membership providers, meaning that when using/configuring multiple domains the specified SmartsiteAccessGroup and ManagerAccessGroup must exists on every domain specified.