ASP.NET Active Directory Authentication

First attempt to authenticate a website with AD. The web server is not a member of the domain.  I am using the example from this page http://msdn.microsoft.com/en-us/library/ms998360.aspx.  LDAP is not my strong point but I think it have it correct (not sure how to test).  When I run the site I get an error at this position:

type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"

error is Serverless LDAP connection strings are not supported by the Active Directory membership provider.

I have this in my webconfig:
<connectionStrings>
            <add name="ADConnectionString" connectionString="LDAP://CN=Administrator,CN=Users,DC=domainname-here,DC=local"/>
  </connectionStrings>

<membership defaultProvider="DomainLoginMembershipProvider">
      <providers>
        <add name="DomainLoginMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADConnectionString"
         connectionProtection="Secure"
             connectionUsername="Administrator"
         connectionPassword="pwd"
attributeMapUsername="sAMAccountName"
            enableSearchMethods="false"
             />
      </providers>
    </membership>

I have tried domain\Administrator for connectionUsername with no success.
azyet24Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MajorBigDealCommented:
What happens if you use this connection string: dap://server-name/dc=domainname-here,dc=local
0
MajorBigDealCommented:
ldap://server-name/dc=domainname-here,dc=local
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
azyet24Author Commented:
I used your suggestion and now I get this error:
Unable to establish secure connection with the server

I moved the application to a computer on the domain and am able to login successfully.  Would this be a port issue or something that would be preventing my web server (inside DMZ) or is there another setting?  If port, do you know how I would allow authentication securely?
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

MajorBigDealCommented:
Ok, so what you are saying is that your code works on a computer that is in the domain but not on a computer outside the domain. Correct?

What I would do in this situation is take a step back and debug the way to read from LDAP just in my own C# code using the computer that is not on the domain.  Then once I got that working, I would try to apply the results of that to your authentication problem.  That might seem like the long way around to you but that is the approach that I would use if I were having the same problem.  Are you interested in doing that?  

Also, what happens if you use the connection string “ldap://1.2.3.4¿, where you substitute the address of the domain controller?
0
azyet24Author Commented:
Hmm, changed to IP address and now I get Access is denied from my web server.  Does that mean that my application is actually talking to my Active Directory?
0
MajorBigDealCommented:
Yes, I think so. If you use a workstation that is inside the domain, does the web server still give you access denied?
0
azyet24Author Commented:
Turns out that I had a DNS issue so changing to IP address fixed that part and I simply needed to change Administrator to domain\Administrator and now it is working perfectly!!!  Thank you so much for your help.

I changed it to use code-behind authentication instead of web config so I could see what it was doing - per your suggestion.
0
MajorBigDealCommented:
Excellent - thanks for letting me know!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.