Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

AD MembershipProvider

Posted on 2007-08-09
3
Medium Priority
?
223 Views
Last Modified: 2013-11-26
I am developing a web app that needs to authenticate users against Active Directory.  I have successfully developed web apps that use the SQL membership provider and windows authentication, but this is my first using AD.

I am using Visual Studio 2005 and ASP.NET 2.  I am developing on an XP desktop that is not joined to our domain.  The web app will ultimately reside on a server that is also not joined to the domain.  But the users who will be using this web app will be defined in AD groups and I will be using their group membership to determine role access.

To test this out before integrating it into my web app (which is underway) I created a new simple web app and a login page and configured it to require authentication in the web.config in accordance with this doc: http://msdn2.microsoft.com/en-us/library/ms998347.aspx#paght000022_usingtheactivedirectorymembershipprovider

At first, I had trouble connecting to the AD server, but I think I had problems with the DC decorations in the connection string  maybe not matching the domain name properly.  I think I have that straightened out now because I dont get any more complaints about not being able to connect.

Now the problem is that authentication just never succeeds.  Following is the important parts of the web.config:

<connectionStrings>
  <add name="ADConnectionString"
   connectionString="LDAP://dcname.corp.ourco.com/CN=Users,DC=corp,DC=ourco,DC=com" />
</connectionStrings>
<system.web>
  <compilation debug="false" />
  <authentication mode="Forms">
    <forms loginUrl="Login.aspx"
           protection="All"
           timeout="30"
           name="AppNameCookie"
           path="/FormsAuth"
           requireSSL="false"
           slidingExpiration="true"
           defaultUrl="default.aspx"
           cookieless="UseCookies"
           enableCrossAppRedirects="false"/>
  </authentication>
  <authorization>
    <deny users="?" />
    <allow users="*" />
  </authorization>
  <membership defaultProvider="MembershipADProvider">
    <providers>
      <add
        name="MembershipADProvider"
        type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web,
          Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                  connectionStringName="ADConnectionString"
                  connectionUsername="OURCO\myName"
                  connectionPassword="myPassword" />
    </providers>
  </membership>

I think the only deviation I took from the MSDN article I referenced above is that I am using my credentials for connectionUsername and connectionPassword.  The article says it should be Administrator but I dont understand why it would be administrator.  I dont need to be administrator to log into Outlook with my own credentials and get my email.  If it does need to be administrator, I dont know how I will try explain to our IT department why I need the password for the domain administrator account.  Am I just not understanding something here?

Or what else may be wrong that I cannot log into my web app with my own user credentials?

Thanks.
0
Comment
Question by:CoderNotIT
2 Comments
 
LVL 12

Accepted Solution

by:
CmdoProg2 earned 2000 total points
ID: 19665624
I also in the the process of switching from SQL to AD membership providers.
We are using Administration delegation to limit administration to an OU.  The permissions are need to add, modify, and delete users within the AD.

You may want to read the security note in activedirectorymembershipprovider Class at
http://msdn2.microsoft.com/en-us/library/system.web.security.activedirectorymembershipprovider.aspx





0
 
LVL 1

Expert Comment

by:Computer101
ID: 20521783
Forced accept.

Computer101
EE Admin
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A publishing tool, a Version Control System, or a Collaboration Platform! These can be some of the defining words for the two very famous web-hosting Git repositories: Bitbucket and Github. Git is widely used amongst the programmers and developers f…
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
This video teaches users how to migrate an existing Wordpress website to a new domain.
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to choose which pages of your form are visible to your users based on their inputs. The page rules feature provides you with an opportunity to create if:then statements for y…
Suggested Courses
Course of the Month10 days, 7 hours left to enroll

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question