Solved

Can I specify a single user in an LDAP AD connection string?

Posted on 2010-01-11
Last Modified: 2013-12-24
I have several different web applications using authentication.  Some connect to our AD to get user info; others have the info stored in the Web.config.  For example, I have an app to update the news section of our website and I'm the only one with rights to it.  I've stored my username and password for it in the Web.config.  I'd like to be able to connect to AD and use that username and password for this.  It doesn't matter much for me, but some other people with similar setups around the building would like to eliminate the extra username and password from their brains.

I have the attached connection string that I use to authenticate a particular app.  This one only allows folks in the Parks and Recreation OU to authenticate.  Is there a way to specify a user here so I'm allowing only one person and not an entire OU?

LDAP://co.frederick.va.us:789/OU=Parks and Rec,DC=co,DC=frederick,DC=va,DC=us
Question by:mrcoulson
5 Comments
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 26285434
I'm not sure if it would work for you, but you could try using the distinguished name of the person versus the OU. It would look something like

LDAP://co.frederick.va.us:789/CN=username,OU=Parks and Rec,DC=co,DC=frederick,DC=va,DC=us

Give that a shot; I'm thinking it should work.
 

Author Comment

by:mrcoulson
ID: 26285469
Yeah, I tried that and I was told "the container does not exist".

Jeremy
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 26285494
I'm wondering if the web app is only configured to look at an OU as the search base and not allow a user. Short of moving that user to their own OU, I'm not sure if this will work.
 

Author Comment

by:mrcoulson
ID: 26285541
Bummer!

Here's another thing I tried to do, but couldn't quite make it.  I wanted to put a function on the onauthenticate event of my login control.  Any idea how I might accomplish this?  Basically, I'm trying to say "if the user puts anything besides 'jcoulson' in the username box, just display the failed authentication message without even going to AD."

Jeremy
protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
    if (Login1.UserName != "jcoulson")
    {
        e.Authenticated = false;
    }
    else
    {
        // ???
    }
}

 

Accepted Solution

by:
mrcoulson earned 0 total points
ID: 26369680
The solution was to modify Web.config like this:

<deny users="?" />
<allow users="jcoulson" />
<deny users="*" />

Jeremy

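An added example, not part of the original thread: a Web.config that puts the accepted rules in context, keeping the OU connection string for authentication and using URL authorization to admit one user. It assumes Forms authentication with ASP.NET's ActiveDirectoryMembershipProvider, which the thread does not confirm; the names ADConnectionString and ADMembershipProvider and the Login.aspx path are assumed for illustration.

```xml
<configuration>
  <connectionStrings>
    <!-- Search base only: this decides WHERE accounts are looked up,
         so it must stay a container (the OU), not a user's DN. -->
    <add name="ADConnectionString"
         connectionString="LDAP://co.frederick.va.us:789/OU=Parks and Rec,DC=co,DC=frederick,DC=va,DC=us" />
  </connectionStrings>

  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" />
    </authentication>

    <membership defaultProvider="ADMembershipProvider">
      <providers>
        <!-- Version shown is for .NET 2.0/3.5; match it to the installed framework.
             attributeMapUsername defaults to userPrincipalName (user@domain);
             mapping it to sAMAccountName makes the login name the bare
             "jcoulson" that the allow rule below compares against. -->
        <add name="ADMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADConnectionString"
             attributeMapUsername="sAMAccountName" />
      </providers>
    </membership>

    <!-- Rules are evaluated top to bottom and the first match wins. -->
    <authorization>
      <!-- "?" = anonymous: unauthenticated requests go to the login page. -->
      <deny users="?" />
      <!-- The single account that may use the application. -->
      <allow users="jcoulson" />
      <!-- "*" = everyone else. Without this line, every account in the OU
           that authenticates successfully would be let in. -->
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
```

Placing `<deny users="*" />` above the allow rule would lock out jcoulson as well, because evaluation stops at the first matching rule.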
Question has a verified solution.