I have the system working fine using forms, happy days:) but when set to windows, everybody is recognised as guest, they can read all content but not post etc.:cry:

Configuration

Web server: IIS V6.0 on Win2003 R2 SP1

SQL: MS SQL server 8.00.760 (SP3) on Win2003 SP2

Client XP, IE 7.0

Assumptions (please correct me if I am wrong)

- SQL authentication is separate to user login authentication. I.e. I can have a SQL username & password in the db.config and still use windows authentication. If this is true I can say that my SQL server is fine and concentrate on the Web server.

- If I get integrated windows login working correctly then the following should happen

--- Domain user opens YAF home page and the an account will be setup automatically

--- The sql table yaf_User should be populated with new user record

--- Domain user should never (ever) be prompted with username / password dialog box

--- Domain user will always be able to post as they will be recognised as a members

--- Once a domain user used the forum and account created, an admin can then change the roles etc for that user

How I got here,

- Took a full copy of the working forum (ie forms authentication) home folder.

- Created new website and pointed at this folder, changed default document to default.aspx, in Directory security removed checkbox for anonymous login and instead check the box integrated windows authentication

- Changed the web.config to

<authentication mode="Windows">
</authentication>
<!--identity impersonate="true" /-->

- Proxy not enabled on IE and server FQD added to Intranet on IE security

- Check the IIS logfile & it shows the web hit and in the logfile I see my Domain\Username so authentication seems to be working.

Some questions:

- Are my assumptions correct

- Any idea why wont YAF recognise my domain username especially when IIS log file records it in IIS log

- Is there any way to view log/debug of login (not a developer, please dont advise anything that involves direct coding)

- What format will the username take in the YAF_user table is it DOMAIN\USER, USER etc

- Is there something I have missed, I cant find a step by step how to for windows authentication so I am afraid that I am missing something obvious.

Any help welcome.

(PS: great software, well done to all)

I checked the IIS logs and the Windows auth is working fine, you see their ID on every get, but the user is only seeing Welcome Guest.

Very interesting. I have modified the table yaf_prov_Membership and changed just the field UsernameLwd to the format domain\username and it now recognises the integrated login username and gives the correct access. So on my Ver 1.9.3 I seem to have the same scenario.

This is much better. Previously I had only been testing by manually changing the yaf_User

I guess I could create a script to add new users from the domain. I think I saw some post that does something similar. There would have to be some way of detecting new usernames etc on the domain. Ideally if the automatic registration bit worked it would be best, will this pickup the email address from AD or will that have to be done by admin.

Any words of advice on best way forward?

I'm a lot better at VB than CS, but I have been trying to debug this. I will set some watches and breakpoints later, but first in just trying to trace this, why is the user not being added to the yaf_prov_Profile table, I found the CreateUser procedure:

public override System.Web.Security.MembershipUser CreateUser(

...

in \YAF\YAF.Providers\Passthru\YAFMembershipPassThru.cs

This procedure seems to be called in the admin page (naturally) and in

\YAF\YAF.Classes\YAF.Classes.Utils\MembershipHelper.cs

static private MembershipCreateStatus MigrateCreateUser(

...

but I can't find anywhere else other than the admin page where CreateUser is being called and I can't find anywhere at all where MigrateCreateUser is called.

If it's not being called, that would explain why the Active Directory users are never being added. Remember that they work fine if I add them myself.

http://www.15seconds.com/issue/050203.htm 

Not sure how Windows authentication is supposed to work with YAF Providers. I believe AD providers are needed.

Wow, that article was a little heavy for me.

I'm not sure how it's working, but it's working. When authentication is set in the web.config to "Windows" my users can log in and if there is matching account in the YAF provider's tables, they get in and are recognized, their roles work and everything.

And in the version dated in Jan. 2009 that was pre-provider, when they first connected, if they didn't have an account, the site created one for them. It used their correct display name and even pulled their email address from the Active Directory.

Here is a thread discussion the email address being truncated (I saw this happpening also)

http://forum.yetanotherforum.net/yaf_postst8033_Email-address-truncated-with-Active-Directory.aspx 

I would prefer to see the auto logon working though as running this script any time a user is added is not great.