Active Directory (AD) Integration
Active Directory is a directory service developed by Microsoft for Windows domain networks.
Integrating with Active Directory means:
- Importing users from AD into the Dynamicweb database
- Validating user credentials when a user connects to your website
Setting up AD integration involves:
- Downloading and installing the AD Integration web service
- Creating a Data Integration job in Dynamicweb to import users from AD
- Setting up External Authentication in Dynamicweb
Installing the AD Integration Web Service
To set up integration with Active Directory, you must first install the AD Integration web service on a server which has access to the AD server.
The web service is used by Dynamicweb for both importing users from AD and validating frontend logins against the AD records.
To do so:
- Download the AD Integration project from the downloads page
- Open the IIS Manager and click Content View > Add new website in the right menu – for the Physical path select the folder with the web service source files (Figure 2.1)
- Click Edit bindings in the right menu and fill the information as shown in Figure 2.2
Next, edit the web service web.config file settings:
- Add the domain, user name and password of a user that has permission to query your Active Directory. If you want to secure the data that is transferred from AD to DW, you can specify a “SecurityToken” string, which will be used to encrypt and decrypt the data.
- In the “GroupsToSkip” field you can list the groups that you do not want to import users from, separated by “,”
- In the “LimitToGroups” field you can list the only groups that you want to import users from, separated by “,”
You will now be able to connect to your AD web service using a URL in the format of http://yourwebsitename/ADIntegrationService.asmx
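As an added example (not part of the original page or the web service's own code), the PowerShell below lints the three web.config settings described above: it reports an unset SecurityToken, stray commas in the group lists, and groups named in both GroupsToSkip and LimitToGroups. It assumes the settings are stored as `<add key="…" value="…" />` entries under `<appSettings>`; that layout, the function names and the sample values are constructed for illustration.

```powershell
# Constructed sample. Only the three key names come from the page; the
# <appSettings> layout and all values are assumptions for illustration.
$sampleConfig = [xml]@'
<configuration>
  <appSettings>
    <add key="SecurityToken" value="" />
    <add key="GroupsToSkip" value="Domain Admins, Service Accounts,," />
    <add key="LimitToGroups" value="Web Customers,Service Accounts" />
  </appSettings>
</configuration>
'@

function Get-AdServiceSetting {
    param([xml]$Config, [string]$Key)
    $node = $Config.SelectSingleNode("/configuration/appSettings/add[@key='$Key']")
    if ($null -ne $node) { $node.GetAttribute('value') }
}

function ConvertTo-GroupList {
    param([string]$Value)
    # Lists are comma separated; empty entries are kept so stray commas show up.
    if ([string]::IsNullOrEmpty($Value)) { return }
    $Value.Split(',') | ForEach-Object { $_.Trim() }
}

function Test-AdServiceConfig {
    param([xml]$Config)
    $findings = @()
    $token = Get-AdServiceSetting $Config 'SecurityToken'
    if ([string]::IsNullOrWhiteSpace($token)) {
        $findings += 'SecurityToken is not set: the optional encryption of data sent from AD to DW is off.'
    }
    $skip  = @(ConvertTo-GroupList (Get-AdServiceSetting $Config 'GroupsToSkip'))
    $limit = @(ConvertTo-GroupList (Get-AdServiceSetting $Config 'LimitToGroups'))
    if (($skip + $limit) -contains '') {
        $findings += 'Empty group name found: remove stray commas from GroupsToSkip/LimitToGroups.'
    }
    # -contains is case-insensitive, which matches how AD compares group names.
    foreach ($g in ($limit | Where-Object { $_ -and ($skip -contains $_) })) {
        $findings += "Group '$g' is listed in both GroupsToSkip and LimitToGroups."
    }
    $findings
}

# For a real file, pass ([xml](Get-Content -Raw <path to web.config>)) instead.
Test-AdServiceConfig $sampleConfig
```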
Creating the Data Integration job
Next, you must create a data integration job for importing your users from AD:
- Go to Settings > Integration > Data Integration
- Click New activity from template
- Select ErpUserImport
- Name the activity
- Click OK and Save
Then you must configure a scheduled task for importing data from AD.
Configuring a scheduled task for importing data from AD
To set up a scheduled task for importing data from AD:
- Go to Settings > Integration > Integration Framework Batch
- Click Add
- Select the Active Directory Data Addin type and fill in the details as in Figure 4.1
The details you need to fill in are:
- The web service URL is the URL to the ADIntegrationService.asmx file you set up earlier
- The Security key should match the string you optionally set up for the AD service Security Token web.config option – it is used to decrypt data coming from AD
- Users import activity should be set to the Data Integration job you created earlier
- The AD Destination group should be set to the user group where you want to import your AD users and user groups to
Click Save & Close to return to the scheduled task list, from which you can run the integration job.
This takes care of importing your AD users – now you must set up your frontend to use Active Directory login.
Setting up External Authentication
To set up external authentication when a user logs in to your frontend you must:
- Create and configure an external login provider
- Render an AD login button in frontend
To create and configure the external login provider:
- Go to Settings > Control Panel > External Authentication
- Click Add to create a new login provider
- Select Active Directory Login in the type dropdown
- Enter the path to the ADIntegrationService.asmx file in the web service URL field
- In the security key field enter the security token string from your web.config file
Save and close the provider.
In frontend, you can now render a login button for AD login, as in the following example: