Windows Authentication against security group on Active Directory?


I am trying to set up a Windows authentication app which authenticates users against a security group on Active Directory.

1) Do I need to implement the LDAPAuthentication?
or can I just use IsMemberOf("YOURDOMAIN\YourApp Admins") ?

2) Also, what are the differences between a security group on organizational and a security group on Group Manager on Active Directory?
My admin folks seem to use them both when they create security groups for me.



To configure ASP.NET for membership

In the Web.config file, add a connection string similar to the following, and modify it so that it points to your Active Directory users container.

Note   The connection string shown above connects to the user's container within a domain called Update this string to point to the relevant users container within your domain.
Add a  element after your  element, as shown in the following example.

Make sure that you set the connectionStringName attribute to the same name ("ADConnectionString") you specified earlier in your connectionStrings section.

Make sure to set the defaultProvider attribute value to MyADMembershipProvider, because this needs to be overwritten. The machine-level default value points to SQLMembershipProvider type, using the local SqlExpress instance. If you do not overwrite this attribute, ASP.NET uses the default provider.

Note   In the example above, it is assumed that you are working in a test domain and have the password of an administrator account capable of creating new accounts. The administrator name and password must be supplied in plain text. As a result, you should encrypt this configuration section as well as the  section. For more information, see How To: Encrypt Configuration Sections in ASP.NET 2.0 using DPAPI and How To: Encrypt Configuration Sections in ASP.NET 2.0 using RSA.
For the full list of attribute settings for the ActiveDirectoryMembershipProvider, see the section, "Configuration Attributes."

Connecting to Active Directory

When the ActiveDirectoryMembership provider connects to Active Directory, it uses the account whose credentials are specified on the connectionUsername property (note the lower-case n, which is different from the connectionStringName property). If you specify the connectionUsername property, you must also specify the connectionPassword property, otherwise an exception is thrown.

If you do not specify account credentials, Active Directory uses your ASP.NET Web application's process account.

Note   The service account that you use to connect to Active Directory must have sufficient permissions in Active Directory. If you place your user accounts in an Active Directory organizational unit (OU), you can create and use a service account that has only read, write, and delete access on that OU (and, optionally, reset password privilege).
Step 4. Test Forms Authentication

dkim18 (Author) Commented:
I read that article too, but I am still at a loss.
That article is using form authentication with AD.

I would like to ask about Windows authentication using AD.
I read somewhere that I can just do this, IsMemberOf("YOURDOMAIN\YourApp Admins").

1) My question is: do I need to implement what you showed me, or can I just do the IsMemberOf()?

2) Also, how do I check against my security group? This example uses just the domain name. There are 100 security groups and I want to use one of the groups to authenticate.
You can do it with the IsMemberOf.....

You have to build an LDAP connection to AD...see the post above about creating a connection string for AD.  At that point, you would query the OU to see if the user is a member of it.  If you are checking to see if they are a member of the domain, and not a subgroup, you can do that (All Users).  If you are checking to see if they are a member of some other security group, you would need to use that string.
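
Two ways to test membership of one named security group under Windows authentication, as an added example that is not code from any post in this thread: the first reads the groups already present in the caller's Windows token, the second queries the directory as the reply above describes. The class name `GroupGate` is hypothetical, and `YOURDOMAIN` and `YourApp Admins` are the placeholders from the question.

```csharp
using System;
using System.DirectoryServices.AccountManagement; // add a reference to this assembly
using System.Security.Principal;

// Hypothetical helper; domain and group are the placeholders from the question.
public static class GroupGate
{
    private const string Domain = "YOURDOMAIN";
    private const string Group = "YourApp Admins";

    // Option 1: with Windows authentication the request principal is a
    // WindowsPrincipal whose token already lists the user's groups, so the
    // check needs no directory connection and no stored service password.
    public static bool IsInGroupFromToken(IPrincipal user)
    {
        var windowsUser = user as WindowsPrincipal;
        if (windowsUser == null || !windowsUser.Identity.IsAuthenticated)
            return false; // fail closed: anonymous or non-Windows identity
        return windowsUser.IsInRole(Domain + "\\" + Group);
    }

    // Option 2: look the user and the group up in Active Directory and test
    // membership there. Runs under the process account unless credentials
    // are passed to PrincipalContext.
    public static bool IsInGroupFromDirectory(string samAccountName)
    {
        try
        {
            using (var ctx = new PrincipalContext(ContextType.Domain, Domain))
            using (var user = UserPrincipal.FindByIdentity(
                       ctx, IdentityType.SamAccountName, samAccountName))
            using (var group = GroupPrincipal.FindByIdentity(
                       ctx, IdentityType.SamAccountName, Group))
            {
                if (user == null || group == null)
                    return false; // unknown user or group: deny
                return user.IsMemberOf(group);
            }
        }
        catch (PrincipalException)
        {
            return false; // directory unreachable or query failed: deny
        }
    }
}
```

In an ASP.NET page the first method would be called with `HttpContext.Current.User`; both methods deny access on any lookup failure rather than letting the request through.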
Kumaraswamy R Commented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.