1. Home
  2. Categories
  3. Support
  4. Proget allows login once using LDAP Auth, then crashes until IISRESET

Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

Proget allows login once using LDAP Auth, then crashes until IISRESET

  • ?

    I’ve managed to get ProGet running using an existing SQL Server 2012 and IIS on Windows Server 2012. I also was able to switch to LDAP Authentication.

    So far so good.

    Now, I still have the following problem:

    I can open my browser, go to the ProGet server and login with windows authentication using my domain account. Works. When I open the browser a second time, navigating to the ProGet site, I always get that:

    Image Text

    The only thing I found that helps is to reset the IIS and then, I can log in again (once! Then, another iisreset is required).

    Product: ProGet
    Version: 2.2.10

    0
  • ?

    hello; this is a bad error message, but the underlying problem is that the AD user look-up failed. When we attempt to look up the LOGON_USER token, LDAP simply returns null.

    We're going to fix the error message in PG-173, but intermittent failure sounds likes (yet another) problem with the net35 AccountManagement API. We do plan on switching to the more reliable net20 DirectoryServices API in a future version.

    0
  • ?

    Thinking about your answer, i'm pretty sure that this is not a problem with the .Net API. I guess that is tightly related to the second question, I've filed here (see "USE ACCOUNTS FROM TRUSTED DOMAIN FOR RIGHTS ASSIGNMENT"). Whenever i open a browser on machine.dev.local and go to the ProGet Server (located in dev.local - see explanation of the infrastructure in above mentioned question), I'm authenticated as company\John (which is a user of a different domain but dev.local has a trust with company.com). As long as the ProGet implementation assumes the accounts used for authentication to be members of the domain where proget is located in (and i guess that's the case!), you will get null back from the .Net API.

    So for scenario like mine,

    this would fail (principal = null):

    var ctx = new PrincipalContext(ContextType.Domain);
var principal = UserPrincipal.FindByIdentity(ctx, @"company\John");

    and this would work (principal has the expected value):

    var ctx = new PrincipalContext(ContextType.Domain, null, "company.com", @"AnAccountFromCompanyDomain", "TheAccountsPassword"));
var principal = UserPrincipal.FindByIdentity(ctx, @"company\John");

    I guess you need, you just have to make the account domain configurable for cases, it differs from the domain where ProGet is located in and let the user apply credentials fro Account- Queries in the Account- Domain and then use the example above to query and you're done. Right? ;-)

    So big question for me now is if and when can i expect a version that supports our scenario. As i told Karl last week, we're looking for a commercial solution to replace our Inhouse- Solution to reduce our maintenance efforts for package management tools. Unfortunately we run out of time for the decision to go with an external tool or to keep our internal stuff running. Would be great to get some info about if and if yes, when we can expect a ProGet version that fits our needs.

    Best Regards,
    Joachim

    0
proget 1568 ldap 46
Log in to reply
 
Inedo Website HomeSupport HomeCode of ConductForums GuideDocumentation