Question

How to link Active Directory and SQLMembershipProvider

Asked by: askasp

Hello Experts,

I know there are various posts and blogs all around the internet but couldn't find an aswer to this situation and not sure what the best practive is or how should i go with? This is my scenerio:

There are domain and non-domain users.
Admin will invite users(domain and non-domain) by email. Only invited domain members will be authorized so during the invitation process they will be assigned to either a role or their account will needs to be activated so that this will prevent all domain members to be authorized.

Domain users will be able to access to the site through internet (so not going to be an intranet app)
So basicly the only difference between Domain users and Non-Domain users is that the Domain users will be authenticated through active directory whereas non-domain users will be authenticated through the SQL with their passwords.

So my question is: During the Admin's email invitation process, invited users need to be created and assigned to roled in SQL with a password but how can I handle the domain users because they also needs to be somehow created in SQL but they won't have usernames/passwords since they will be authenticated through Active Directory.

Is this possible? or My approach is totally wrong to use SQLMembershipProvider to store domain user data as well as non-domain?

Thank you

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2009-06-03 at 11:13:59ID24461041
Tags

ASP.NET

,

C#

,

SQL

,

Active Directory

,

LDAP

Topics

Programming for ASP.NET

,

Microsoft Visual C#.Net

,

Active Directory

,

Web Development

Participating Experts
2
Points
500
Comments
11

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Use Active Directory users in ASP.net Roles
    I have an ASP.NET (3.5) application that uses Windows Authentication. Now I want to set authoritzation based on ASP.Net roles. I used the ASP.NET Configuration tool to create the roles and I know how to specify that a role has authority to a page. What I don't know how to ...
  2. Membership/Role with active directory
    Hi I am creating a ASP.NET 3.5 web application where i am using ODP.Net OracleMembershipProvider. Is it possible to integrate the Membership with active directory and i can create roles in oracle database. So that user can login using windows user name (Form Authentication) ...
  3. Blog and Directory backlinking
    Hello, I want to provide approximately 3 backlinks a day to my new blog. I have a list of 100 quality directories. Do you recommend adding all 100 directories at once, then adding a blog backlink every day, or will this produce too many spikes in our backlink accumulation?...
  4. Active Directory: Infrastructure Master Role vs Global Cat…
    Hi, 1) It is related to Active Directory. 2) It is related to Infrastucture Master Role and Global Catalog. 3) Somebody says that we have " to seperate the Infrastructure master role from the server that is hosting the Global Catalog" 4) My questions: i) Is the sta...
  5. Active Directory Roles
    Active Directory Roles I have AD Roles(Schema,DN,PDC,INFRA) in server1 and the RID in Server2 (both servers are in site1. I have in site2 a Domain Controller with no ROles. Even though Site2 is more vulnerable to Natural Catastrphies but: I wonder in case site1 goes down,...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: tony_angelopoulosPosted on 2009-06-03 at 11:26:08ID: 24539569

What I would do is use ADAM.

http://www.devsource.com/c/a/Using-VS/Making-Sense-of-ADAM/

you would want to create a stored procedure that queries your AD structure through ADAM and run it every day (as part of a package or command line script depending on your version of SQL).  I don't have access to the code I wrote for my previous employer, but this is exactly what I did.  ADAM has it's own strange query syntax, but you want to get that data piped daily into a new table.  You can at least get to the username information this way.  What I did was did a lookup to see if the currently logged on user was in this table, I would let the user pick a password.  That's the caveat to using ADAM with this dual approach; you won't get access to their passwords.  But at least at that point, you can find the user, add them via roles and membership, and let them pick their password.

I had the same problem!  I wish I could get access to that sproc.  Hopefully someone will have better information for you, but that's my 2 cents!

 

by: askaspPosted on 2009-06-03 at 11:35:01ID: 24539655

Thank you for the suggestion.

I need to use their passwords in Active Directory to authenticate them though but I don't need to have an access to them. I just need those authenticated users through Active Directory and somehow define those in SQL so that I can still use the role/membership provider of asp.net in my app and have an external database with additional info on the SQL side.

--No idea how to handle and meet to the requirements on the asp.net's provider side though in SQL

 

by: tony_angelopoulosPosted on 2009-06-03 at 11:40:47ID: 24539713

If you are using IIS7, a guy found a way to use both Forms and Windows.  Not trying to cheese out by searching for you, just trying to help!

http://74.125.95.132/search?q=cache:2LWURxrCvJEJ:mvolo.com/blogs/serverside/archive/2008/02/11/IIS-7.0-Two_2D00_Level-Authentication-with-Forms-Authentication-and-Windows-Authentication.aspx+using+forms+authentication+and+windows+authentication+in+an+asp.net&cd=5&hl=en&ct=clnk&gl=us

It's a cached page since the original's server is having issues!

 

by: askaspPosted on 2009-06-03 at 11:43:35ID: 24539743

Yeah well, I did some research before posting :)

 

by: askaspPosted on 2009-06-05 at 08:26:51ID: 24557375

Anyone?

 

by: TheLearnedOnePosted on 2009-06-25 at 07:39:02ID: 24711819

In your research, did you look at the ActiveDirectoryMembershipProvider?

http://msdn.microsoft.com/en-us/library/system.web.security.activedirectorymembershipprovider.aspx

 

by: askaspPosted on 2009-06-30 at 09:19:13ID: 24746850

Hello TheLearnedOne,

Thank you for getting back to me.I am still really confused. I did take a look at the Activedirectory membership provider however, I am still not sure how it is going to work. My concerns and goals are:

- I will only have read access to AD. The main purpose to implement this is to make life easier for Domain users since they will be able to get authenticated with their Domain email and password.

- All users are going to be created by the Admin and then invited through email to the site (which will approve their status). There won't be a create option for user's by themselves.

So basicly Admin is going to create the non-domain users with temporary passwords and invite them to the site whereas domain users are just going to be invited without any creation process.

I am quite familiar with SQLMembership provider since that's what I have always used so far and during creation process every user has their UserId, UserName/Email and Password. With that information I am able to add more tables to the structure and define foreign keys and such to store additional data.

But with implementing the AD Membership provider stand-alone , I don't think I can be able to reach to the non-domain users, on the other hand with stand-alone SQLMembership Provider I couldn't figure out how to relate AD users to the non-domain users defining both as a user in SQL since domain users won't have a UserId, UserName/Email and Password.

What would be the best practice? or How should I approach to this?

*I am not sure if my English was clear enough so let me know if I didn't make any sense :)

Thank you again for your time and effort.

 

by: TheLearnedOnePosted on 2009-07-01 at 15:16:28ID: 24758754

Hmmm...you might be able to create a wrapper class the encapsulates worker objects that you can delegate to, based on the criteria for domain, and non-domain users.

using System;
using System.Web.Security;
 
public class CustomMembershipProvider
{
 
    private SqlMembershipProvider _domainProvider;
    private ActiveDirectoryMembershipProvider _nonDomainProvider;
 
    public CustomMembershipProvider()
    {
        _domainProvider = new SqlMembershipProvider();
        _nonDomainProvider = new ActiveDirectoryMembershipProvider();
 
    }
 
    public bool ValidateUser(string userName, string password, bool isDomainUser)
    {
        if (isDomainUser)
            _domainProvider.ValidateUser(userName, password);
        else
            _nonDomainProvider.ValidateUser(userName, password);
    }
 
}
                                              
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:

Select allOpen in new window

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...