First time at my blog? Check out the table of contents! x

Introducing the Blog Engine Active Directory Role Provider

posted on Wednesday, February 18, 2009 3:42 PM |

From the start, the BlogEngine.Net open source project has been designed using the provider model. In short, the provider model allows software to interface with numerous types of system, rather than being tied to one in particular. For example, BlogEngine.Net allows you to store and retrieve blog post data using either an XML file, or a database, depending on which Blog Provider you tell it to use. To switch between the two you simply change two lines of code inside the Web.Config file.

The .Net framework includes a nice provider called ActiveDirectoryMembershipProvider that allows applications to interface with Active Directory for user authentication purposes. You can use it with BlogEngine.Net in order to store user accounts and their associated passwords, as well as to authenticate users when they login to the blog system. This works great and I highly recommend using this provider if it makes sense for you to interface with Active Directory for you user system.

If you do decide to interface with Active Directory, you should know that even though the user accounts are managed by Active Directory, things like Roles (which defined permissions) and Profiles (which save user details) are not part of what the membership provider manages. User roles are managed by the Role Provider you configure BlogEngine.Net to use. And Profiles are managed by the Blog Provider, which there is only one of.

Today I am happy to announce a new Role Provider implementation that allows you to manage user permission (roles) using groups in Active Directory. It is appropriately named Active Directory Role Provider For BlogEngine.Net, and can be found in all its glory on CodePlex.

This role provider makes an excellent addition to the BlogEngine.Net project because it allows businesses that run AD to even further integrate the blog platform in with their systems. I hope that many of you find this useful. Good luck using it, and let me know if you have any questions, or find any bugs!

Click here to visit the BlogEngineADRP project site.

Comments Leave Yours...
Wes
2/19/2009 3:10 PM
# re: Introducing the Blog Engine Active Directory Role Provider

Does this implement the generic ASP.NEt RolesProvider? Is it possible to use it in other applications?

Rafe Kemmis
2/19/2009 4:14 PM
# re: Introducing the Blog Engine Active Directory Role Provider

Good question Wes.

Yes, this does implement the standard RoleProvider interface that the .Net framework defines. However it only has fully functional implementations of the methods of the interface which the BlogEngine.Net system uses.

This could in theory be used with any system that consumes classes that implement the RoleProvider interface. However I find that the one-size-fits-all approach to role providers is that the association of a role to an entity in another system like AD, that association is completely arbitrary and subjective. Thus there are infinite ways that role providers can function and associate roles with groups and users in AD.

If you want to simply associate BlogEngine roles with AD Groups, then this is the provider for you. But I think one needs to think through the details of how a rolesprovider is consumed in their system before they jump the gun and use the provider w/ another system.

Rob Walters
4/10/2009 4:38 PM
# re: Introducing the Blog Engine Active Directory Role Provider

I am sure I just missed a simple step. Any ideas...

Logon failure: unknown user name or bad password.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException: Logon failure: unknown user name or bad password.


Source Error:


Line 65: void Login1_LoggedIn(object sender, EventArgs e)
Line 66: {
Line 67: if (!Roles.IsUserInRole(Login1.UserName, BlogEngine.Core.BlogSettings.Instance.AdministratorRole))
Line 68: Response.Redirect(BlogEngine.Core.Utils.RelativeWebRoot, true);
Line 69: }


Source File: c:\Inetpub\wwwroot\blog\login.aspx.cs Line: 67

Stack Trace:


[COMException (0x8007052e): Logon failure: unknown user name or bad password.
]
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +377678
System.DirectoryServices.DirectoryEntry.Bind() +36
System.DirectoryServices.DirectoryEntry.get_AdsObject() +31
System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) +78
System.DirectoryServices.DirectorySearcher.FindAll() +9
BlogEngine.Contrib.Providers.ADRoleProvider.getUser(String userName) +71


Sulumits Retsambew
5/31/2009 11:48 AM
# re: Introducing the Blog Engine Active Directory Role Provider

thanks for the share..

Thermostat
6/2/2009 3:51 AM
# re: Introducing the Blog Engine Active Directory Role Provider

Thanks for sharing the information, Its well written.

Ole
4/19/2010 1:58 PM
# re: Introducing the Blog Engine Active Directory Role Provider

Hi - Great addon!!
Im having trouble seeing the admin controls when logging on. I can log on with AD and i have configured the Groups as described.
How to give blogadmin write permission?
What am i missing? Rights in files?
Domain and webserver are not the same.

Thanks a lot!

Post Your Comment

Title
Required
Name
Required
Email
Optional
Url
Optional
Comment  
Please add 2 and 1 and type the answer here:

Who Is Rafe

rafe

Rafe Kemmis

I am an audacious web developer with a double bachelor of science in Computer Science and Mathematics. I specialize in Microsoft ASP.Net, Silverlight, and Adobe ActionScript.

Questions?

Always a thoughtful response. You may post your question on an article, or contact me directly.

Hire Me.

I provide custom solutions to complex problems. I can help your business no matter how large or small.

Contact me now.

Subscribe


Recent Posts
Recent Comments.
Blog Navigation