Can't get ActiveDirectoryMembershipProvider to work

David Thielen

Hi;

How do I set up my ASP.NET 2.0 app to use ActiveDirectory for login? (I have
AspNetSqlMembershipProvider working fine)?

My web.config is:
....
<add name="ADConnectionString"
connectionString="LDAP://picard.windward.local/CN=Users,DC=picard,DC=windward,DC=net" />
....
<membership defaultProvider="MembershipADProvider">
<providers>
<add name="MembershipADProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"
connectionUsername="windward\administrator"
connectionPassword="******"/>
</providers>
</membership>

Depending on what I try (I have tried other values above) I get either "A
referral was returned from the server." or "Unable to establish secure
connection with the server" or "The container specified in the connection
string does not exist".

Any ideas???

Also, is there a way to do this without putting a password in the config
file? This strikes me as a horrible thing to have there security wise.
 
Joe Kaplan (MVP - ADSI)

I'm still not up to speed on the AD membership provider, but this DN looks
wrong:

CN=Users,DC=picard,DC=windward,DC=net

Especially when used in conjunction with a DC with a DNS name that ends in
.local. They generally have to match.

You can use a tool like ADSI Edit or ldp.exe (my favorite) to check the
values of these things.

Joe K.
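
The point above, that the DC= components of the DN and the server's DNS name generally have to match, can be checked on the connection string itself before it goes into web.config. This is an added example, not part of any post in this thread; the function names are hypothetical, and it assumes the host is written as a fully qualified DNS name. It is only a string heuristic, so the values shown by ADSI Edit or ldp.exe remain the reference.

```python
# Added example: helper names are hypothetical, sample paths are constructed
# or copied from the thread. Pure string check; it does not contact a server.
import re

def parse_adspath(path):
    """Split 'LDAP://host[:port]/DN' into (host, dn)."""
    m = re.match(r'^(?:LDAP|GC)://([^/=]+)/(.+)$', path.strip(), re.IGNORECASE)
    if not m:
        raise ValueError("expected LDAP://host/DN, got %r" % path)
    return m.group(1).split(':')[0].lower(), m.group(2)

def dn_domain(dn):
    """DNS name implied by the DC= components of a DN, in order."""
    labels = []
    for rdn in re.split(r'(?<!\\),', dn):      # ignore escaped commas
        attr, _, value = rdn.partition('=')
        if attr.strip().upper() == 'DC':
            labels.append(value.strip().lower())
    return '.'.join(labels)

def check(path):
    """Return (ok, message). ok when the DN's domain equals the host name
    or is a parent suffix of it (host = <server>.<domain>)."""
    host, dn = parse_adspath(path)
    domain = dn_domain(dn)
    if not domain:
        return False, "DN has no DC= components"
    if host == domain or host.endswith('.' + domain):
        return True, "host %s matches DN domain %s" % (host, domain)
    return False, "host %s is outside DN domain %s" % (host, domain)

SAMPLES = [
    # from the first post
    "LDAP://picard.windward.local/CN=Users,DC=picard,DC=windward,DC=net",
    # the variant suggested later in the thread
    "LDAP://picard.windward.local/CN=Users,DC=picard,DC=windward,DC=local",
    # constructed: server inside a parent domain, RDN with an escaped comma
    r"LDAP://dc1.example.local/CN=Doe\, John,OU=Staff,DC=example,DC=local",
]

if __name__ == "__main__":
    for s in SAMPLES:
        ok, msg = check(s)
        print("OK  " if ok else "FAIL", msg)
```

A passing result only means the host and DN are mutually consistent; it does not prove the container exists in the directory.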
 
Luke Zhang [MSFT]

Hello,

I notice your connection string:

connectionString="LDAP://picard.windward.local/CN=Users,DC=picard,DC=windward,DC=net" />

Should it be?

connectionString="LDAP://picard.windward.local/CN=Users,DC=picard,DC=windward,DC=local" />

Also, to verify the connection string, you may first try to query the AD
with a vbscript like:

Dim oUser

strDomainDN = "YOURDOMAIN"
strUserDN = strDomainDN & "/CN=John Doe,CN=Users,DC=YOURDOMAIN,DC=COM"

Set oUser = GetObject("LDAP://" & strUserDN)

After this works, then try it in your ASP.NET application.

Luke Zhang
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 
David Thielen

Hi;

Sorry, I tried with local too - setting both to net and then to local, and
then trying each set different (which is what I copied) - problems with all.

Also, how do I call GetObject() - what class type do I need to be in or
object do I use?
 
Joe Kaplan (MVP - ADSI)

Don't use GetObject. That is holdover VB compatibility stuff. You should
use the DirectoryEntry class in System.DirectoryServices.

Note that I'd recommend testing this stuff out with a tool like ADSI edit or
ldp.exe before writing code if you are not 100% sure about the code as you
won't be able to trust your own results as easily and will spend more time
dinking around that way.

Joe K.
 
Luke Zhang [MSFT]

Thank you for Joe's suggestion on ADSI edit and ldp.exe, it is a better
idea to verify your connection string and query with these before you
actually use them in the code.

Luke Zhang
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 
