Can I specify a single user in an LDAP AD connection string?

I have several different web applications using authentication.  Some connect to our AD to get user info; others have the info stored in the Web.config.  For example, I have an app to update the news section of our website and I'm the only one with rights to it.  I've stored my username and password for it in the Web.config.  I'd like to be able to connect to AD and use that username and password for this.  It doesn't matter much for me, but some other people with similar setups around the building would like to eliminate the extra username and password from their brains.

I have the attached connection string that I use to authenticate a particular app.  This one only allows folks in the Parks and Recreation OU to authenticate.  Is there a way to specify a user here so I'm allowing only one person and not an entire OU?

LDAP://co.frederick.va.us:789/OU=Parks and Rec,DC=co,DC=frederick,DC=va,DC=us
mrcoulson asked:

mrcoulson (Author) commented:
The solution was to modify Web.config like this:

<deny users="?" />
<allow users="jcoulson" />
<deny users="*" />

Jeremy
0
 
Joseph Daly commented:
I'm not sure if it would work for you, but you could try using the distinguished name of the person versus the OU. It would look something like:

LDAP://co.frederick.va.us:789/CN=username,OU=Parks and Rec,DC=co,DC=frederick,DC=va,DC=us

Give that a shot; I'm thinking it should work.
0
 
mrcoulson (Author) commented:
Yeah, I tried that and I was told "the container does not exist".

Jeremy
0
 
Joseph Daly commented:
I'm wondering if the web app is only configured to look at an OU as the search base and not allow a user. Short of moving that user to their own OU, I'm not sure if this will work.
0
 
mrcoulson (Author) commented:
Bummer!

Here's another thing I tried to do, but couldn't quite make it.  I wanted to put a function on the onauthenticate event of my login control.  Any idea how I might accomplish this?  Basically, I'm trying to say "if the user puts anything besides 'jcoulson' in the username box, just display the failed authentication message without even going to AD."

Jeremy
protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
    if (Login1.UserName != "jcoulson")
    {
        e.Authenticated = false;
    }
    else
    {
        // ???
    }
}

0
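One way to finish the handler sketched above, written here as an added example rather than code from the thread: the page is assumed to host an ASP.NET Login control named Login1, and Web.config is assumed to declare an ActiveDirectoryMembershipProvider as the default membership provider, so that Membership.ValidateUser performs the LDAP bind. The account name jcoulson is taken from the thread; the class name NewsLogin and the helper IsAllowedAndValid are hypothetical.

```csharp
using System;
using System.Web.Security;
using System.Web.UI.WebControls;

// Added example (not from the thread). Assumes an ASP.NET Login control named Login1 on
// this page and an ActiveDirectoryMembershipProvider configured as the default provider in
// Web.config, so Membership.ValidateUser is what actually talks to the domain controller.
public partial class NewsLogin : System.Web.UI.Page
{
    // The single account permitted to sign in; value taken from the thread.
    private const string AllowedUser = "jcoulson";

    protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        // The decision is made before any credential reaches AD for other accounts.
        e.Authenticated = IsAllowedAndValid(Login1.UserName, Login1.Password,
                                            Membership.ValidateUser);
    }

    // The check takes the validator as a delegate so it can be exercised in a unit test
    // without a web context or a domain controller (pass a stub instead of Membership).
    internal static bool IsAllowedAndValid(string userName, string password,
                                           Func<string, string, bool> validate)
    {
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            return false;

        // sAMAccountName is case-insensitive in AD, so compare ignoring case. Any other
        // account is refused here: no LDAP bind is attempted and no bad-password count
        // is incremented for accounts that were never meant to use this page.
        if (!string.Equals(userName, AllowedUser, StringComparison.OrdinalIgnoreCase))
            return false;

        // Only the permitted account gets its password checked against the domain.
        return validate(userName, password);
    }
}
```

The Login control shows the same FailureText whether the name was rejected here or the password failed in AD, so the two outcomes look identical at the keyboard. This handler only guards the login form itself; keep the `<allow users="jcoulson" />` and `<deny users="*" />` rules from the accepted answer in Web.config as well, because URL authorization is evaluated on every request to the page, not just on the login postback.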