Can't get ActiveDirectoryMembershipProvider to work

Discussion in 'ASP .Net Security' started by David Thielen, Mar 5, 2006.

  1. Hi;

    How do I set up my ASP.NET 2.0 app to use ActiveDirectory for login? (I have
    AspNetSqlMembershipProvider working fine)?

    My web.config is:
    ....
    <add name="ADConnectionString"
    connectionString="LDAP://picard.windward.local/CN=Users,DC=picard,DC=windward,DC=net" />
    ....
    <membership defaultProvider="MembershipADProvider">
    <providers>
    <add name="MembershipADProvider"
    type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
    connectionStringName="ADConnectionString"
    connectionUsername="windward\administrator"
    connectionPassword="******"/>
    </providers>
    </membership>

    Depending on what I try (I have tried other values above) I get either "A
    referral was returned from the server." or "Unable to establish secure
    connection with the server" or "The container specified in the connection
    string does not exist".

    Any ideas???

    Also, is there a way to do this without putting a password in the config
    file? This strikes me as a horrible thing to have there security wise.

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com
    David Thielen, Mar 5, 2006
    #1

  2. David Thielen, Mar 5, 2006
    #2

  3. I'm still not up to speed on the AD membership provider, but this DN looks
    wrong:

    CN=Users,DC=picard,DC=windward,DC=net

    Especially when used in conjunction with a DC with a DNS name that ends in
    .local. They generally have to match.

    You can use a tool like ADSI Edit or ldp.exe (my favorite) to check the
    values of these things.

    Joe K.

    "David Thielen" <> wrote in message
    news:...
    > ps - I have read through
    > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000026.asp
    > several times.
    >
    > --
    > thanks - dave
    > david_at_windward_dot_net
    > http://www.windwardreports.com
    >
    Joe Kaplan (MVP - ADSI), Mar 6, 2006
    #3
  4. Hello,

    I notice your connection string:

    connectionString=LDAP://picard.windward.local/CN=Users,DC=picard,DC=windward,DC=net />

    Should it be?

    connectionString=LDAP://picard.windward.local/CN=Users,DC=picard,DC=windward,DC=local />

    Also, to verify the connection string, you may first try to query the AD
    with a vbscript like:

    Dim oUser

    strDomainDN = "YOURDOMAIN"
    strUserDN = strDomainDN & "/CN=John Doe,CN=Users,DC=YOURDOMAIN,DC=COM"

    Set oUser = GetObject("LDAP://" & strUserDN)

    After this works, then try it in your ASP.NET application.

    Luke Zhang
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
    Luke Zhang [MSFT], Mar 6, 2006
    #4
  5. Hi;

    Sorry, I tried with local too - setting both to net and then to local, and
    then trying each set different (which is what I copied) - problems with all.

    Also, how do I call GetObject() - what class type do I need to be in or
    object do I use?

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    David Thielen, Mar 6, 2006
    #5
  6. Don't use GetObject. That is holdover VB compatibility stuff. You should
    use the DirectoryEntry class in System.DirectoryServices.

    Note that I'd recommend testing this stuff out with a tool like ADSI edit or
    ldp.exe before writing code if you are not 100% sure about the code, as you
    won't be able to trust your own results as easily and will spend more time
    dinking around that way.

    Joe K.
    Joe Kaplan (MVP - ADSI), Mar 6, 2006
    #6
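
An added example, not code from any poster in this thread: a console check using the DirectoryEntry class recommended above, which reads RootDSE to learn the naming context the server actually hosts and compares it with the container DN from the web.config in the first post. The host, DN and account are copied from that post; the `AD_TEST_PASSWORD` environment variable and the class name are assumptions.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

// Added diagnostic sketch. Host, container DN and account come from the
// thread's web.config; AD_TEST_PASSWORD is an assumed variable name.
static class AdConnectionCheck
{
    static int Main()
    {
        const string host = "picard.windward.local";
        const string container = "CN=Users,DC=picard,DC=windward,DC=net";
        const string user = @"windward\administrator";
        // Assumption: the password is supplied out of band, not hard-coded.
        string password = Environment.GetEnvironmentVariable("AD_TEST_PASSWORD");
        // With no password set, null credentials make the bind use the
        // identity the process is running as.
        string bindUser = password == null ? null : user;
        try
        {
            // RootDSE reports the naming context the server really serves.
            using (var rootDse = new DirectoryEntry("LDAP://" + host + "/RootDSE",
                       bindUser, password, AuthenticationTypes.Secure))
            {
                string namingContext =
                    (string)rootDse.Properties["defaultNamingContext"].Value;
                Console.WriteLine("Server naming context: " + namingContext);
                // Simple suffix check: the container must sit under that context.
                if (!container.EndsWith(namingContext, StringComparison.OrdinalIgnoreCase))
                {
                    Console.WriteLine("Mismatch: container DN is not under it.");
                    return 1;
                }
            }
            // Bind to the container itself; reading NativeObject forces the bind.
            using (var entry = new DirectoryEntry("LDAP://" + host + "/" + container,
                       bindUser, password, AuthenticationTypes.Secure))
            {
                object native = entry.NativeObject;
                Console.WriteLine("Bound to: " + entry.Properties["distinguishedName"].Value);
            }
            return 0;
        }
        catch (COMException ex)
        {
            // ADSI bind and lookup failures surface as COMException.
            Console.WriteLine("Bind failed: 0x" + ex.ErrorCode.ToString("X8") + " " + ex.Message);
            return 2;
        }
    }
}
```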
  7. Thank you for Joe's suggestion on ADSI edit and ldp.exe, it is a better
    idea to verify your connection string and query with these before you
    actually use them in the code.

    Luke Zhang
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
    Luke Zhang [MSFT], Mar 7, 2006
    #7
  8. Hi;

    I did that and started a new thread here with the original question and the
    results from ldp (it failed).

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    David Thielen, Mar 7, 2006
    #8