Edit the Web Security Configuration for your web project.
Select the "Use Active Directory" option. The prompt below this option will change to read "Security Table Type for Development and Testing". DBF File or SQL Database will still be used for developing and testing of the application. This means you can develop and test the application without having or needing to have access to the production Active Directory domain. The group names used during development and testing do need to be the same as in the Active Directory. The "Web User and Groups" dialog "Groups" tab allows group names to be imported from an Active Directory or a text file. Create or edit the publish profile settings for the production web server to configure the Active Directory server used in production. Publish profile setting for development and test servers should use the custom DBF file or SQL database.
Select the remainder of security settings needed like the redirect pages.
While users and groups are now used through Active Directory, developing and testing the web application against a production Active Directory server can be impractical because you may not have access to the Active Directory server. For this reason you will want to create users and groups to be stored in a DBF file or SQL database. These users and groups will be used during development and testing.
In order to work in this way the name of the groups you want to secure against must be spelled the same way as they are stored in the Active Directory. If you only have a few you can manually enter the groups and add some users as members of the groups. Otherwise, you can import groups directly from Active Directory or from a file.
Importing groups gives you the option to merge into existing groups (add group names not already in the list), overwrite existing groups (delete all groups before adding groups being imported), and include a test user in each group.
To import groups from a file change the Group name source to "File". Then specify a file that has the name of each group on a separate line. A test user name can be include for the groups too. The test user name follows the group name on the same line. Two tab characters are between the group name and the test user name. The format of the test user name is the test user's name followed by a | character and then the SAM-Account-Name for the test user. Example: John Doe|jdoe.
A command line tool named A5ActiveDirectoryExport.exe is included in the Alpha Anywhere Developer Edition install for generating a file from an Active Directory that can be imported by Alpha Anywhere Developer Edition. This stand alone exe file can be sent to anyone who has access to Active Directory to create a file for import. The command line options are:
|-h||Show the command line options.|
|-d||Specify a domain name.|
|-u||Username that has permission to access Active Directory.|
|-p||password of the Username that has permission to access Active Directory.|
|-iu||Include a group's users.|
|-ou||Restrict groups that are output to a specific organizational unit.|
A5ActiveDirectoryExport -iu > ad.txt
This will create a file named ad.txt that will contain groups and test users for current user's domain and will access Active Directory with the current user's identity. The test user names and SAM-Account-Name that are generated are the same. Example: TestUser-Engineering|TestUser-Engineering.
A5ActiveDirectoryExport -iu -ou "East Coast"> adEastCoast.txt
This will create a file named adEastCoast.txt that will contain groups and test users for current user's domain in the organizational unit of "East Coast" and will access Active Directory with the current user's identity. The test user names and SAM-Account-Name that are generated are the same. Example: TestUser-Engineering|TestUser-Engineering.
In order to use Active Directory in a web application the publishing profile must define an Active Directory configuration. The create publish profile genie adds a security store type for the Active Directory configuration if the security settings has the "Use Active Directory" option set. This will be the last page of the genie.
When the "Configure Active Directory" button is selected the Active Directory Configuration dialog is shown. If an Active Directory server is detected the fields will default to use that Active Directory server.
Select an Active Directory configuration mode to be used.
To change a publish profile's Active Directory configuration locate the Active Directory settings in the publish profile's Miscellaneous section of the property sheet. Change the security store type to change whether an Active Directory configuration is published and/or change the Active Directory configuration by clicking on the smart field button in the "Configure Active Directory" option.
When testing and developing a web application it is necessary to validate correct user authorization to parts of the application. For instance, the web application may have a back office component that should only be available to users in the "web app administrator" group. This is why users can still be defined in the web project's security settings. When publishing to a test environment, instead of defining an Active Directory configuration publish the Alpha Anywhere security tables so that they will be used for authentication and authorization instead of Active Directory. This give the ability to accurately test authorization.