AD MembershipProvider

Posted on 2007-08-09
Last Modified: 2013-11-26
I am developing a web app that needs to authenticate users against Active Directory.  I have successfully developed web apps that use the SQL membership provider and windows authentication, but this is my first using AD.

I am using Visual Studio 2005 and ASP.NET 2.  I am developing on an XP desktop that is not joined to our domain.  The web app will ultimately reside on a server that is also not joined to the domain.  But the users who will be using this web app will be defined in AD groups and I will be using their group membership to determine role access.

To test this out before integrating it into my web app (which is underway) I created a new simple web app and a login page and configured it to require authentication in the web.config in accordance with this doc:

At first, I had trouble connecting to the AD server, but I think I had problems with the DC decorations in the connection string  maybe not matching the domain name properly.  I think I have that straightened out now because I dont get any more complaints about not being able to connect.

Now the problem is that authentication just never succeeds.  Following is the important parts of the web.config:

  <add name="ADConnectionString"
   connectionString="LDAP://,DC=corp,DC=ourco,DC=com" />
  <compilation debug="false" />
  <authentication mode="Forms">
    <forms loginUrl="Login.aspx"
    <deny users="?" />
    <allow users="*" />
  <membership defaultProvider="MembershipADProvider">
        type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web,
          Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                  connectionPassword="myPassword" />

I think the only deviation I took from the MSDN article I referenced above is that I am using my credentials for connectionUsername and connectionPassword.  The article says it should be Administrator but I dont understand why it would be administrator.  I dont need to be administrator to log into Outlook with my own credentials and get my email.  If it does need to be administrator, I dont know how I will try explain to our IT department why I need the password for the domain administrator account.  Am I just not understanding something here?

Or what else may be wrong that I cannot log into my web app with my own user credentials?

Question by:CoderNotIT
    LVL 12

    Accepted Solution

    I also in the the process of switching from SQL to AD membership providers.
    We are using Administration delegation to limit administration to an OU.  The permissions are need to add, modify, and delete users within the AD.

    You may want to read the security note in activedirectorymembershipprovider Class at

    LVL 1

    Expert Comment

    Forced accept.

    EE Admin

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
    Foreword (May 2015) This web page has appeared at Google.  It's definitely worth considering! How to Know You are Making a Difference at EE In August, 2013, one …
    Use Wufoo, an online form creation tool, to make powerful forms. Learn how to choose which pages of your form are visible to your users based on their inputs. The page rules feature provides you with an opportunity to create if:then statements for y…
    Learn how to set-up custom confirmation messages to users who complete your Wufoo form. Include inputs from fields in your form, webpage redirects, and more with Wufoo’s confirmation options.

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    24 Experts available now in Live!

    Get 1:1 Help Now