Solved

ASP.NET Active Directory Authentication

Posted on 2011-10-02
Last Modified: 2012-05-12
First attempt to authenticate a website with AD. The web server is not a member of the domain. I am using the example from this page http://msdn.microsoft.com/en-us/library/ms998360.aspx. LDAP is not my strong point but I think I have it correct (not sure how to test). When I run the site I get an error at this position:

type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"

error is Serverless LDAP connection strings are not supported by the Active Directory membership provider.

I have this in my webconfig:
<connectionStrings>
  <add name="ADConnectionString" connectionString="LDAP://CN=Administrator,CN=Users,DC=domainname-here,DC=local"/>
</connectionStrings>

<membership defaultProvider="DomainLoginMembershipProvider">
  <providers>
    <add name="DomainLoginMembershipProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="ADConnectionString"
         connectionProtection="Secure"
         connectionUsername="Administrator"
         connectionPassword="pwd"
         attributeMapUsername="sAMAccountName"
         enableSearchMethods="false"
         />
  </providers>
</membership>

I have tried domain\Administrator for connectionUsername with no success.
0
Question by:azyet24
 
LVL 11

Expert Comment

by:MajorBigDeal
ID: 36900035
What happens if you use this connection string: dap://server-name/dc=domainname-here,dc=local
0
 
LVL 11

Accepted Solution

by:
MajorBigDeal earned 2000 total points
ID: 36900036
ldap://server-name/dc=domainname-here,dc=local
0
 

Author Comment

by:azyet24
ID: 36900167
I used your suggestion and now I get this error:
Unable to establish secure connection with the server

I moved the application to a computer on the domain and am able to login successfully.  Would this be a port issue or something that would be preventing my web server (inside DMZ) or is there another setting?  If port, do you know how I would allow authentication securely?
0
 
LVL 11

Expert Comment

by:MajorBigDeal
ID: 36900367
Ok, so what you are saying is that your code works on a computer that is in the domain but not on a computer outside the domain. Correct?

What I would do in this situation is take a step back and debug the way to read from LDAP just in my own C# code using the computer that is not on the domain.  Then once I got that working, I would try to apply the results of that to your authentication problem.  That might seem like the long way around to you but that is the approach that I would use if I were having the same problem.  Are you interested in doing that?  

Also, what happens if you use the connection string "ldap://1.2.3.4", where you substitute the address of the domain controller?
0
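
The standalone test suggested in the comment above, as an added example that is not part of the original thread: a small C# console program that binds to a domain controller from a machine outside the domain with signing and sealing enabled, and reports whether a failure is a reachability problem or a credential problem. The class name AdBindTest and the environment variable AD_BIND_PASSWORD are assumptions made for this example.

```csharp
// Added example (not from the thread). Requires a reference to
// System.DirectoryServices.Protocols.
using System;
using System.DirectoryServices.Protocols;
using System.Net;

static class AdBindTest   // hypothetical name
{
    static int Main(string[] args)
    {
        if (args.Length != 3)
        {
            Console.Error.WriteLine("usage: AdBindTest <dc-host-or-ip> <domain> <user>");
            return 2;
        }
        // Password comes from an environment variable (assumed name) so it is
        // never stored in source or config. Refuse an empty value outright.
        string password = Environment.GetEnvironmentVariable("AD_BIND_PASSWORD");
        if (string.IsNullOrEmpty(password))
        {
            Console.Error.WriteLine("AD_BIND_PASSWORD is not set.");
            return 2;
        }
        // Naming the server explicitly avoids a serverless bind, which a
        // machine outside the domain cannot resolve.
        using (var conn = new LdapConnection(new LdapDirectoryIdentifier(args[0], 389)))
        {
            conn.AuthType = AuthType.Negotiate;       // Kerberos or NTLM
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.Signing = true;       // integrity on port 389
            conn.SessionOptions.Sealing = true;       // encryption on port 389
            conn.Timeout = TimeSpan.FromSeconds(10);
            conn.Credential = new NetworkCredential(args[2], password, args[1]);
            try
            {
                conn.Bind();
                Console.WriteLine("Bind OK: server reachable, credentials accepted.");
                return 0;
            }
            catch (LdapException ex) when (ex.ErrorCode == 81)   // server unavailable
            {
                Console.WriteLine("Cannot reach server: check DNS or IP, firewall, TCP 389.");
            }
            catch (LdapException ex) when (ex.ErrorCode == 49)   // invalid credentials
            {
                Console.WriteLine("Server reached, credentials rejected: check domain and user.");
            }
            catch (LdapException ex) { Console.WriteLine("LDAP error " + ex.ErrorCode + ": " + ex.Message); }
            return 1;
        }
    }
}
```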
 

Author Comment

by:azyet24
ID: 36900410
Hmm, changed to IP address and now I get Access is denied from my web server.  Does that mean that my application is actually talking to my Active Directory?
0
 
LVL 11

Expert Comment

by:MajorBigDeal
ID: 36900674
Yes, I think so. If you use a workstation that is inside the domain, does the web server still give you access denied?
0
 

Author Comment

by:azyet24
ID: 36900765
Turns out that I had a DNS issue so changing to IP address fixed that part and I simply needed to change Administrator to domain\Administrator and now it is working perfectly!!!  Thank you so much for your help.

I changed it to use code-behind authentication instead of web config so I could see what it was doing - per your suggestion.
0
 
LVL 11

Expert Comment

by:MajorBigDeal
ID: 36900795
Excellent - thanks for letting me know!
0