Using Windows Authentication

To use Windows Authentication with the mojoPortal content management system, your Web server must be on the same Windows network that your users log into.

In IIS, enable both Windows Authentication and Anonymous Authentication.

In Web.config, comment out the Forms authentication like this:

<!--
<authentication mode="Forms">
  <forms
    name=".mojochangeme"
    protection="All"
    timeout="50000000"
    path="/"
  />
</authentication>
-->

and uncomment or add this:

<authentication mode="Windows" />
<authorization>
  <deny users="?" />
</authorization>
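
A quick way to confirm that a Web.config carries the settings above, as an added example (not part of mojoPortal or the original page). ASP.NET evaluates <authorization> rules top-down and the first match wins, so an allow rule placed ahead of <deny users="?" /> lets anonymous requests through. The function names and the sample configs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's settings inside <configuration>/<system.web>.
GOOD = """<configuration><system.web>
  <authentication mode="Windows" />
  <authorization>
    <deny users="?" />
  </authorization>
</system.web></configuration>"""

# Constructed sample: an allow-all rule placed first shadows the deny rule.
SHADOWED = """<configuration><system.web>
  <authentication mode="Windows" />
  <authorization>
    <allow users="*" />
    <deny users="?" />
  </authorization>
</system.web></configuration>"""

# Constructed sample: Forms authentication was never switched off.
STILL_FORMS = """<configuration><system.web>
  <authentication mode="Forms"><forms name=".mojochangeme" /></authentication>
</system.web></configuration>"""


def anonymous_allowed(system_web):
    """Walk <authorization> rules top-down; the first rule naming the
    anonymous user ("?") or everyone ("*") decides. Rules scoped by verbs
    are treated as applying to all requests (conservative assumption).
    If nothing matches, the inherited default allows everyone."""
    for rule in system_web.findall("./authorization/*"):
        users = [u.strip() for u in rule.get("users", "").split(",")]
        if "?" in users or "*" in users:
            return rule.tag == "allow"
    return True


def check_web_config(xml_text):
    """Return a list of findings; an empty list means the config matches."""
    system_web = ET.fromstring(xml_text).find("system.web")
    if system_web is None:
        return ["no <system.web> section"]
    findings = []
    auth = system_web.find("authentication")
    mode = auth.get("mode") if auth is not None else None
    if mode != "Windows":
        findings.append(f"authentication mode is {mode!r}, expected 'Windows'")
    if anonymous_allowed(system_web):
        findings.append("anonymous users are not denied by <authorization>")
    return findings
```
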

 

This configuration only works if your users are using IE as the browser; with Firefox you get a login prompt and it doesn't work. A little googling and I found notes on configuring Firefox to work also, so if it's possible for you to configure all your users' Firefox like this, it may be possible to use Firefox. The reason is that the browser needs to pass your Windows credentials to IIS in the request; IE does this by default but Firefox does not.

Notes about Windows authentication with ASP.NET

Scott Guthrie's blog post

How To Use Windows Authentication in ASP.NET

One further tip: before you change to Windows authentication, make sure to change the admin user to have the same user name as your Windows login. For example, if my Windows login is jaudette, then I would change admin to jaudette before making the change to Windows authentication.

The reason is that mojoPortal still handles role membership internally; it does not use Windows roles, so when I log in using my Windows login, I need to already be in the admins role to manage the site. Users will be able to log in but will not be able to edit unless you put them into mojoPortal roles with edit permission. The first time the user visits, a mojoPortal user will be created automatically based on the Windows login, but it doesn't get any roles assigned automatically other than the standard "Authenticated Users" role.

IMPORTANT: If you had previously configured LDAP Authentication in Site Settings, you should disable that before changing to Windows Authentication.

IIS 7 Notes

I ran into some difficulty when I first tried to get mojoPortal working on Vista/IIS 7 using Windows authentication. The problem I had was that IE just kept prompting for the user and password instead of automatically passing the credentials. The solution turned out to be ironic and unexpected. I had to uncheck "Enable Integrated Windows Authentication" in the browser settings and restart the browser, and then it worked.

screen shot of IE settings

You would think this needs to be checked, but as it turns out, the name of this setting is misleading. Information found here indicated that

if the option "Enable Integrated Windows Authentication"
is selected, IE will use Kerberos for integrated auth. Otherwise NTLM will
be used. The option is actually a switch between the protocols instead of
turning integrated auth on or off.

So what I think this means is that for a machine like my dev machine, which is not part of a domain, it needs to be unchecked to force NTLM, whereas if my machine and the web server were both part of an AD domain, it would need to be checked so it could use Kerberos.

screen shot of IE browser settings