Active Directory (AD) Integration

Active Directory is a directory service developed by Microsoft for Windows domain networks.

Integrating with Active Directory means:

  • Importing users from AD into the Dynamicweb database
  • Validating user credentials when a user connects to your website

Setting up AD integration involves:

  • Downloading and installing the AD Integration web service
  • Creating a Data Integration job in Dynamicweb to import users from AD
  • Setting up External Authentication in Dynamicweb

Here’s how!

To set up integration with Active Directory, you must first install the AD Integration web service on a server that has access to the AD server.

The web service is used by Dynamicweb for both importing users from AD and validating frontend logins against the AD records.

To do so:

  • Download the AD Integration project from the downloads page
  • Open the IIS Manager and click Content View > Add new website in the right menu – for the Physical path, select the folder with the web service source files (Figure 2.1)
Figure 2.1 Installing the AD Web Service
  • Click Edit bindings in the right menu and fill the information as shown in Figure 2.2
Figure 2.2 Installing the AD Web Service

Next, edit the web service web.config file settings:

  • Add your domain, user name and password for the user that has permissions to query your Active Directory. If you want to secure the data that is transferred from AD to DW, you can specify a “SecurityToken” string, which is used to encrypt/decrypt the data.
  • In the “GroupsToSkip” field, you can list the groups that you don’t want to import users from, separated by “,”
  • In the “LimitToGroups” field, you can list the only groups that you want to import users from, separated by “,”

You will now be able to connect to your AD web service using a URL in the format http://yourwebsitename/ADIntegrationService.asmx

<appSettings>
  <add key="Domain" value="dynamic-systems.lan" />
  <add key="UserName" value="dbe@dynamicweb-cms.com" />
  <add key="Password" value="" />
  <add key="SecurityToken" value="" />
  <add key="GroupsToSkip" value=" " />
</appSettings>
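A consistency check for the settings described above, as an added example (not part of the AD Integration project or Dynamicweb): it parses the appSettings block and flags missing AD credentials, an empty SecurityToken, a Dynamicweb security key that does not match it, a non-HTTPS web service URL, and groups listed in both GroupsToSkip and LimitToGroups. The function names and sample values are constructed; treating overlapping group lists as a finding and comparing group names case-insensitively are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the page's appSettings keys with placeholder values.
SAMPLE_CONFIG = """<appSettings>
  <add key="Domain" value="example.lan" />
  <add key="UserName" value="svc-adreader@example.lan" />
  <add key="Password" value="placeholder-not-a-real-password" />
  <add key="SecurityToken" value="" />
  <add key="GroupsToSkip" value="Guests, Contractors" />
  <add key="LimitToGroups" value="Sales,Contractors" />
</appSettings>"""


def split_groups(value):
    """Split a comma-separated group list into a set of casefolded names."""
    return {g.strip().casefold() for g in (value or "").split(",") if g.strip()}


def review_ad_service(config_xml, service_url, dynamicweb_security_key):
    """Return findings for the web.config settings and the values entered in Dynamicweb."""
    root = ET.fromstring(config_xml)
    # Accept a bare <appSettings> block or a full web.config that contains one.
    settings = {a.get("key"): a.get("value", "")
                for s in root.iter("appSettings") for a in s.findall("add")}
    findings = []
    for key in ("Domain", "UserName", "Password"):
        if not settings.get(key, "").strip():
            findings.append(f"{key} is empty: the service cannot query AD")
    token = settings.get("SecurityToken", "")
    if not token.strip():
        findings.append("SecurityToken is empty: transferred data is not encrypted")
    if token != dynamicweb_security_key:
        findings.append("Security key in Dynamicweb does not match SecurityToken")
    if urlparse(service_url).scheme.lower() != "https":
        findings.append("Web service URL is not HTTPS")
    skip = split_groups(settings.get("GroupsToSkip"))
    limit = split_groups(settings.get("LimitToGroups"))
    for group in sorted(skip & limit):
        findings.append(f"Group '{group}' is in both GroupsToSkip and LimitToGroups")
    return findings


if __name__ == "__main__":
    for finding in review_ad_service(
            SAMPLE_CONFIG, "http://yourwebsitename/ADIntegrationService.asmx",
            "constructed-key"):
        print("-", finding)
```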

Next, you must create a data integration job for importing your users from AD:

  • Go to Settings > Integration > Data Integration
  • Click New activity from template
  • Select ErpUserImport
  • Name the activity
  • Click OK and Save

Then you must configure a scheduled task for importing data from AD.

To set up a scheduled task for importing data from AD:

  • Go to Settings > Integration > Integration Framework Batch
  • Click Add
  • Select the Active Directory Data Addin type and fill in the details as in Figure 4.1
Figure 4.1 Setting up a batch integration job

The details you need to fill in are:

  • The web service URL is the URL to the ADIntegrationService.asmx file you set up earlier
  • The Security key should match the string you optionally set up for the AD service Security Token web.config option – it is used to decrypt data coming from AD
  • Users import activity should be set to the Data Integration job you created before
  • The AD Destination group should be set to the user group where you want to import your AD users and user groups to

Click Save & Close to return to the scheduled task list, from which you can run the integration job.

This takes care of importing your AD users – now you must set up your frontend to use Active Directory login.

To set up external authentication when a user logs in to your frontend you must:

  • Create and configure an external login provider
  • Render an AD login button in frontend

To create and configure the external login provider:

  • Go to Settings > Control Panel > External Authentication
  • Click Add to create a new login provider
  • Select Active Directory Login in the type dropdown
  • Enter the path to the ADIntegrationService.asmx file in the web service URL field
  • In the security key field enter the security token string from your web.config file

Save and close the provider.

In frontend, you can now render a login button for AD login, as in the following example:

 

<!--@If(Global:Extranet.UserID==0)-->
<h3><!--@Translate(CustomerLogin, 'Customer login')--></h3>
<div class="login-box-mode" data-login-box-mode="login">
  <!--@If(Global:Extranet.UserID==0)-->
    <!--@If(Server:Request.username<defined> || Server:Request.password<defined>)-->
    <div class="loginbox-login-failed alert alert-error">
      <!--@Translate(Invalid_username_or_password, "Invalid username or password")-->
    </div>
    <!--@Else-->
    <div class="loginbox-login-failed alert alert-error">
      <!--@DW_extranet_error_uk-->
    </div>
    <!--@EndIf-->
  <!--@EndIf-->
  <form name="loginForm" class="form-horizontal" method="post" onsubmit="">
    <input type="hidden" name="ID" value="<!--@Global:Page.ID-->" />
    <div class="control-group">
      <input type="text" id="login-username" name="username" spellcheck="false" placeholder="<!--@Translate(Username, 'Username')-->" value="<!--@If(Server:Request.username<defined>)--><!--@Server:Request.username--><!--@EndIf-->" />
    </div>
    <div class="control-group">
      <input type="password" id="login-password" name="password" placeholder="<!--@Translate(Password, 'Password')-->" value="<!--@If(Server:Request.password<defined>)--><!--@Server:Request.password--><!--@EndIf-->" />
    </div>
    <input type="submit" value="Login" onclick="document" />
    <!--@LoopStart(DWExtranetExternalLoginProviders)-->
    <!--@HeaderStart-->
    <h3><!--@Translate(External_account_log_in, "External account log in")--></h3>
    <table border="0" cellpadding="5">
      <tr>
        <th><!--@Translate(Provider_name, "Provider name")--></th>
        <th></th>
      </tr>
    <!--@HeaderEnd-->
      <tr>
        <td><!--@ProviderName--></td>
        <td>
          <!--@If(ProviderType=="Active Directory Login")-->
          <a onclick="if (document.loginForm != null) { document.loginForm.action = '/Admin/Public/Social/ExternalLogin.aspx?action=login&providerID=<!--@ProviderID-->'; document.loginForm.submit(); };" style="cursor:pointer; font: normal 12px Arial; text-decoration: none; background-color: #EEEEEE; color: #333333; padding: 2px 6px 2px 6px; border: 1px solid #CCCCCC;">
            <!--@ProviderType-->
          </a>
          <!--@Else-->
          <a href="/Admin/Public/Social/ExternalLogin.aspx?action=login&providerID=<!--@ProviderID-->" style="font: normal 12px Arial; text-decoration: none; background-color: #EEEEEE; color: #333333; padding: 2px 6px 2px 6px; border: 1px solid #CCCCCC;">
            <!--@ProviderType-->
          </a>
          <!--@EndIf-->
        </td>
      </tr>
    <!--@FooterStart-->
    </table>
    <!--@FooterEnd-->
    <!--@LoopEnd(DWExtranetExternalLoginProviders)-->
  </form>
</div>
<br />
<!--@Else-->
<a class="btn" href="/Admin/Public/ExtranetLogoff.aspx?ID=<!--@DwPageID-->"><!--@Translate(Logout, 'Logout')--></a>
<!--@EndIf-->