I'm trying to install an Office365 authentication on my website running Wordpress.I have a few questions :
My server runs on Debian with ISPConfig and it seems that I need a Windows Server. I that possible to add Office365 authentication on a Linux server ?
I have an Azure AD and would like the Office365 login to be the mail of my users. I think this is what they call Synchronized identity but I didn't find any resources on how to do this.
Yesterday while trying the plugin SSO-AAD-Wordpress I had the button to login using Azure but when connecting I had "Sorry, but we're having trouble signing you in". I don't know why.
Thank you for your help :)
EDIT : It works now but I have to manually add the users to the Wordpress database. The other thing is that it works with Azure, not with Office365 (I don't know if it's worst mentioning).
Azure AD authentication works for the most part with browser redirects. The OS doesn't matter.
If you want the users' login name to be like first.last#company.com, you will have to register that domain in your Azure AD and set it up as the default.
For the last one we can't really help you unless you tell more details.
Related
My website is hosted in remote server with Windows Authentication enabled. I and some of my colleges were able to access the website. But for some peoples it's prompting for credentials. I've done some modifications didn't remembered to access the website. Is there any group/user need to be added in AD?
Please help me on this. I'm struggling since 2 days.
As far as I know, IE has the security setting which will send the current login in windows user name and password automatically. If your client doesn't enable the auto send username and password, it will prompt for credentials.
More details about how to enable it, you could refer to below steps:
1.Open the IE and find the internet options.
2.Modify the user authentication
Wondering if you can help me here, been battering away at this for days now.
i have an IIS site with windows authentication installed, which is working exactly the way it should do. This particular IIS Server houses approx 6 other sites so i have create a new Site called Helpdeskv6, with Application Pool Helpdeskv6 set to .NET 4 integrated using ApplicationPoolIndentity. We are currently working on a 2008 R2 domain, no windows firewall etc.
So i have now created a A Record that gives it a nice little name for our intranet users, the A record is called helpdesk (FQDN: helpdesk.my.domain). The IIS site is setup with bindings on standard port 80 for both helpdesk and the FQDN. but yet when i try and browse to the A record address it constantly prompts me for username and password. When i enter my details they work but i dont want users to be prompted.
i have ASP.NET Impersonation and Windows Authentiation enabled - Providers are NTLM and Negotiate. ASP Impersonation is Auth User. NTLM Authentication is ticked in my ASP Project Web Property page.
i have tried just enabling and disabling so many different settings, i have used setsnp -S HTTP/helpdesk.my.domain webserver001 and i have used setsmp -S HTTP/helpdesk webserver001 as i have read alot that apparently needs these in but nothing seems to work.
i have never used ASP Auth with a A Record before so i am at a severe loss please help, hope i supplied enough information as i do not want to have users entere their windows authentication constantly it should be auto so i am just fearfull i am missing a trick here as when i browse via netbios name it works but this is not appropriate for our environment
Forgot to close this out,
The issue was becuase the site wasnt being registered as a Intranet site and Auth details where not being transported over.
When sending gmail SMTP mail from Wordpress on a windows Azure website, something goes terribly wrong.
I managed to send once or twice a message, but mostly the authentication get's denied. And we get a lot of message of gmail, asking if we authenticated. Or if we are hacked.
Now the weird thing is that when i log in to the Gmail account on MY computer. Go to the following url and accept: https://accounts.google.com/b/0/DisplayUnlockCaptcha .
it suddenly works (for some time, and only form my pc).
As the worpress website is hosted on a Windows azure website, we can not log in on the server to navigate to this url:https://accounts.google.com/b/0/DisplayUnlockCaptcha from there.
Anyone got a solution for this issue? (As i don't have RDP on our azure Website, we can't access the machine to whitelist the ip).
Reference: https://support.google.com/mail/answer/10336?hl=en
You can try to generate an application-specific password for your gmail SMTP if you enable 2-step verification. That may help you to avoid manual CAPTCHA resolve.
I would still like to recommend SendGrid as you are using Azure. SendGrid is provided as an add-on in Azure. You can easily apply a SendGrid service and get 25,000 email per month for free.
I created an ASP.NET application for an internal purpose, where the domain user accesses a simple web form, fills in the form and submits. The application impersonates the user and sends an email as the logged on domain user to our ticketing system where a ticket is generated from the user who filled out the form. Now, everything works when I test by logging onto the same server that IIS (7.5) is located and submit the form, but when I try to do the same from my desktop (opening browser and pointing to web server), it does not work. After investigating the issue, I discovered that this is likely a double-hop issue (which I confirmed when the exchange admin checked logs after a few failed attempts and found that site was trying to send email as NTAuthority/Anonymous.)
I've combed the web and found a lot of info on this issue, but all I can seem find are articles detailing the issue in relation to earlier versions of IIS (IIS 5 or 6.) I’m using 7.5 so I’m not certain of how the process for resolving this would differ. Could someone who has had this issue on IIS 7.5 post the basic step by step instructions for resolving double-hop as it relates to IIS 7.5 and sending impersonated email to an Exchange server? Something to the effect of, step one – do this, step 2 – do this, etc…
Another question that I have is the following: Many articles that I have read specify setting up a service account for delegation, and then create SPNs...However with IIS 7.5, I have the option of using application pool identities. Would application pool identities work with delegating impersonation, or would a service account be required to fix the issue?
Thanks all!
From your description, it sounds like your ASP.NET application is trying to determine the logged in user by their Windows network login credentials?
If so, all you should need to do is turn off "Enable Anonymous Access" in your IIS site and make sure that "Authenticated Access" has the "Integrated Windows Authentication" turned on. Then IIS should properly query the browser for their login info and the session should use the user's credentials. This assumes a few things about the client browser used and if something other than Internet Explorer is used, then you might also need to turn on one of the other authentication methods so that the other browsers will properly prompt the user for their network login credentials. Sorry I don't have a running IIS 7.5 server at the moment to give you the exact site properties and descriptions to look at. So if you cannot determine it from my description here, hopefully someone else might add on with that or I can try to follow up later if you need.
I am developing an intranet MVC3 application that will be used by both domain and non domain computers.
Everyone has a domain account so whenever a non domain computer is to open the website a windows credentials prompt input box is expected to appear.
If i understand correctly this will be standard browser behavior since they won't pass windows credentials to a website unless they are in the same domain.
The problem however is that whenever i debug on my localhost i am in the same domain as the server(since i am the server obviously). This results in me being "logged in" with my workgroup windows account in stead of my domain account.
What i'm looking for is a way to trigger the prompt box so i can use my domain account to login rather then to get useless access with my workgroup account.
You can use Forms authentication with the ActiveDirectoryMembershipProvider.
Take a look to this tutorial on MSDN: http://msdn.microsoft.com/en-us/library/ms998360.aspx and this post: http://support.microsoft.com/kb/326340/en-us (sorry it's VB code).
Addendum: if you want just to test another user credentials you can use impersonation, just set-up your web.config.