Welcome: Guest!

Sharepoint Forum

 
Home » Forum » Sharepoint       Ask a questionRSS Feeds

User Logon Name for Authentication

  Asked By: Jennifer Leach         Date: Nov 12, 2009      Category: Sharepoint      Views: 280
 

We have some external users whose accounts in AD are created with two user
names. In "Active Directory Users and Computers", they are called "User
Logon Name" and "User Logon Name (pre-Windows 2000)"; in an LDAP browser,
they are called "userPrincipalName" and "SAMAccountName".

The reason for the difference (as I understand it) is that we use email
addresses as account names for external users, and the "@" in an email is
invalid for the SAMAccountName. So at account creation, we generate a hash
for the domain part of the email. For example, the "userPrincipalName"
might be "joesmith@...", and the "SAMAccountName" might be
"joesmith!F324".

Right now, our SharePoint servers require such users to enter the
SAMAccountName to authenticate, rather than the userPrincipalName. (We are
using Basic Authentication with SSL, because many users are on computers
that are not bound to the domain.) Obviously, we would prefer that they be
able to use the friendlier "User Logon Name" (userPrincipalName).

What do we have to do to get there?

Tagged:          

 

3 Answers Found

 
Answer #1       Answered By: Emerson Franks          Answered On: Nov 12, 2009       

You shouldn't need to use Basic Auth just because some client machines
aren't on the domain.

 
Answer #2       Answered By: Ned Storm          Answered On: Nov 12, 2009       

The situation is a little more complex than I let on. We CAN use NTLM for
authentication, even for Firefox and Safari users, even for machines not on
the domain. However, IE users  on machines not on the domain _must_ precede
their login ID with the domain name and a backslash. IE will not use the
default domain suggested by the server, and instead uses the server's name
as the domain (Firefox and Safari get this right). Of course, the users have
active directory  accounts, not local accounts  on the server. So we have a
customer training and support problem if we use NTLM, which the central IT
services group decided to duck.

Basic is not as bad as it might seem since all the traffic is SSL.

 
Answer #3       Answered By: Myron Calhoun          Answered On: Nov 12, 2009       

I know you will get quite a few people going when talking about using
the External Collaboration Toolkit for SharePoint because the old story
was that it didn't support CLIENT INTEGRATION with FORMS BASED
AUTHENTICATION. That is no longer an issue and ECTS uses ADAM (Active
Directory Application Mode) to create user  accounts based on email
addresses.

If you would like to hear more about using ECTS, please let me know.
The author David Mowers and I have worked on this solution time and time
again. It works.

 
Didn't find what you were looking for? Find more on User Logon Name for Authentication Or get search suggestion and latest updates.


Your Answer
  • Answer should be atleast 30 Characters.
  • Please put code inside [Code] your code [/Code].

 
Hall of Fame  |  Facebook  |  Twitter  |  LinkedIn  |  Terms of Use  |  Privacy Policy  |  Contact us
RSS Feeds: Articles |  Forum |  New Users |  Activities |  Interview FAQ |  Poll |  Hotlinks


Go4Sharepoint, is a Microsoft Featured Community. Microsoft, Windows, Sharepoint, Sharepoint logo, Windows logo, etc are trademarks of the Microsoft Corporation. All product names, logos, copyrights, and trademarks mentioned are acknowledged as the registered intellectual property of their respective owners. This site is not in any way affiliated with, nor has it been authorized, sponsored, or otherwise approved by, Microsoft Corporation.

Copyright © 2008-2011