Solved

Username issue with Forms Authentication against Active Directory

Posted on 2011-02-28
2
307 Views
Last Modified: 2012-05-11
I'm using forms authentication against active directory for my site and I have a small problem with the username. If I enter "username@domain" it works perfect, if I use "username" it fails. How can I resolve this so the "@domain" isn't required?

I used the steps found at:
http://msdn.microsoft.com/en-us/library/ff650308.aspx

Here is my config information:
 
<connectionStrings>
		<add name="ADConnectionString" connectionString="LDAP://mydomain.local/DC=mydomain,DC=local" />
	</connectionStrings>

	  <authentication mode="Forms">
		  <forms name=".ADAuthCookie" timeout="2880" />
	  </authentication>

	  <membership defaultProvider="MyADMembershipProvider">
		  <providers>
			  <clear/>
			  <add 
				  name="MyADMembershipProvider"
					type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
					connectionStringName="ADConnectionString"
					connectionUsername="username with read access (i.e. not an admin)"
					connectionPassword="password"/>
		  </providers>
	  </membership>

Open in new window


I assume I'm missing something really simple somewhere, since I can't seem to find anyone else with this problem.
0
Comment
Question by:_valkyrie_
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 29

Accepted Solution

by:
Paul Jackson earned 500 total points
ID: 35001517
The format of the user name depends on the attributeMapUsername attribute of the <membership> element. The default configuration for the ActiveDirectoryMembershipProvider uses User Principal Names (UPNs) for name mapping as shown in the following example.

attributeMapUsername="userPrincipalName"
  Because of this, all user names must have the format UserName@DomainName; for example: mary@testdomain.com or steve@testdomain.com.

You can change the name mapping so that it uses simple user name format by setting the following attribute in the Membership Provider configuration in the Web.config file.

attributeMapUsername="sAMAccountName"
  With this configuration, you can use simple user names, for example: Mary or Steve.


...
<membership defaultProvider="MyADMembershipProvider"> 
                  <providers> 
                          <clear/> 
                          <add  
                                  name="MyADMembershipProvider" 
                                        type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" 
                                        connectionStringName="ADConnectionString" 
                                        connectionUsername="username with read access (i.e. not an admin)" 
                                        connectionPassword="password"
                                        attributeMapUserName="sAMAccountName"/> 
                  </providers> 
          </membership>

Open in new window

0
 
LVL 2

Author Closing Comment

by:_valkyrie_
ID: 35001594
Thanks for the quick and simple solution. I knew I had to be missing something!
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In .NET 2.0, Microsoft introduced the Web Site.  This was the default way to create a web Project in Visual Studio 2005.  In Visual Studio 2008, the Web Application has been restored as the default web Project in Visual Studio/.NET 3.x The Web Si…
A quick way to get a menu to work on our website, is using the Menu control and assign it to a web.sitemap using SiteMapDataSource. Example of web.sitemap file: (CODE) Sample code to add to the page menu: (CODE) Running the application, we wi…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question