Can't get ActiveDirectoryMembershipProvider to work

Discussion in 'ASP .Net Security' started by David Thielen, Mar 7, 2006.

  1. Hi;

    How do I set up my ASP.NET 2.0 app to use ActiveDirectory for login? (I have
    AspNetSqlMembershipProvider working fine)?

    My web.config is:
    ....
    <add name="ADConnectionString"
    connectionString="LDAP://picard.windward.local/CN=Users,DC=picard,DC=windward,DC=local" />
    ....
    <membership defaultProvider="MembershipADProvider">
    <providers>
    <add name="MembershipADProvider"
    type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
    connectionStringName="ADConnectionString"
    connectionUsername="windward\administrator"
    connectionPassword="******"/>
    </providers>
    </membership>

    Depending on what I try (I have tried other values above) I get either "A
    referral was returned from the server." or "Unable to establish secure
    connection with the server".

    I tried ldp to test the LDAP connection and got these errors:
    ld =
    ldap_open(LDAP://picard.windward.local/CN=Users,DC=picard,DC=windward,DC=local, 389);
    Error <0x51>: Fail to connect to
    LDAP://picard.windward.local/CN=Users,DC=picard,DC=windward,DC=local.
    ld =
    ldap_open("//picard.windward.local/CN=Users,DC=picard,DC=windward,DC=local",
    389);
    Error <0x51>: Fail to connect to
    //picard.windward.local/CN=Users,DC=picard,DC=windward,DC=local.
    ld =
    ldap_open("picard.windward.local/CN=Users,DC=picard,DC=windward,DC=local",
    389);
    Error <0x51>: Fail to connect to
    picard.windward.local/CN=Users,DC=picard,DC=windward,DC=local.
    ld = ldap_open("LDAP://windward.net/CN=Users,DC=windward,DC=net", 389);
    Error <0x51>: Fail to connect to
    LDAP://windward.net/CN=Users,DC=windward,DC=net.
    ld =
    ldap_open("LDAP://picard.windward.net/CN=Users,DC=picard,DC=windward,DC=net",
    389);
    Error <0x51>: Fail to connect to
    LDAP://picard.windward.net/CN=Users,DC=picard,DC=windward,DC=net.

    Any ideas???

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com
    David Thielen, Mar 7, 2006
    #1

  2. When using ldp, you connect with the DNS name of the server. In your case,
    this is:

    picard.windward.local

    Make sure you do a bind operation after that with the credentials you are
    using in your code.

    Then, what I would do is look under the "View | Tree" and see what naming
    contexts are mentioned. You could also try pasting in the name

    CN=Users,DC=picard,DC=windward,DC=local

    into that dialog and seeing if that works. You might also try the higher
    level name and see if that works:

    DC=picard,DC=windward,DC=local

    The "LDAP://" thing is an ADSI provider model moniker, so you will never use
    that in ldp (since it does not use ADSI under the hood).

    Another thing you can do with ldp is if your machine is joined to
    windward.local, you can use a null value for the server name in ldp.exe and
    it will find a DC in your domain automatically.

    HTH,

    Joe K.


    Joe Kaplan (MVP - ADSI), Mar 7, 2006
    #2

  3. Hi;

    Progress!!!

    Ok, that got me connected with ldp. And in ldp view | tree failed for
    "CN=Users,DC=picard,DC=windward,DC=local" but succeeded for
    "CN=Users,DC=windward,DC=local". So I changed my string in Web.Config to
    "LDAP://picard.windward.local/CN=Users,DC=windward,DC=local" but still got:

    Parser Error Message: Default Membership Provider could not be found.

    And it highlights:

    Line 42: <membership defaultProvider="ADMembershipProvider">

    Any other ideas?

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com



    David Thielen, Mar 7, 2006
    #3
  4. That looks like more of an error with the provider model's class factory.
    Like I said before, I don't really know much about membership stuff (just
    the LDAP stuff), so I'm not sure what's up with that.

    You might want to start a new thread on that though with just the relevant
    config stuff.

    Joe K.

    Joe Kaplan (MVP - ADSI), Mar 7, 2006
    #4
  5. Hello,

    In your original message:

    <membership defaultProvider="MembershipADProvider">

    And then, in this message:

    <membership defaultProvider="ADMembershipProvider">

    Is there anything wrong here?

    Thanks,

    Luke Zhang
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
    Luke Zhang [MSFT], Mar 8, 2006
    #5
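A static check for the mistakes identified so far in this thread, added here as an example (it is not code from any poster or from ASP.NET): it splits the ADSI path into the server name that ldp connects to and the base DN that goes into View | Tree, compares the DN's DC components with the domain, and verifies that defaultProvider names a provider declared in the file. The function names, finding codes and sample config are constructed for illustration, the domain `windward.local` is passed in as an assumption, and the two credential findings are an added observation about binding as a domain administrator with a password kept in web.config.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample assembled from snippets quoted in the thread (not a real file).
SAMPLE = r"""<configuration>
  <connectionStrings>
    <add name="ADConnectionString"
         connectionString="LDAP://picard.windward.local/CN=Users,DC=picard,DC=windward,DC=local" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="ADMembershipProvider">
      <providers>
        <add name="MembershipADProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADConnectionString"
             connectionUsername="windward\administrator"
             connectionPassword="******" />
      </providers>
    </membership>
  </system.web>
</configuration>"""

ADSPATH = re.compile(r"^LDAP://(?P<server>[^/:]+)(?::\d+)?(?:/(?P<dn>.*))?$", re.I)


def split_adspath(adspath):
    """Split an ADSI path into (server, base DN), or return None if it is not one.

    The server part is what ldp's connect dialog takes and the DN part is what
    goes into View | Tree; the "LDAP://" moniker itself is ADSI-only.
    """
    m = ADSPATH.match(adspath.strip())
    if not m:
        return None
    return m.group("server").lower(), (m.group("dn") or "")


def dn_to_domain(dn):
    """DNS domain spelled by the DC= components of a DN ('' if there are none).

    Simplification: splits on every comma, so escaped commas in RDN values
    are not handled.
    """
    rdns = [r.strip() for r in dn.split(",")]
    return ".".join(r[3:] for r in rdns if r.upper().startswith("DC=")).lower()


def _elements(elem, name):
    # Compare local names so the check also works when <configuration> has an xmlns.
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]


def lint_web_config(xml_text, ad_domain):
    """Return a sorted list of finding codes for the AD membership settings."""
    root = ET.fromstring(xml_text)
    ad_domain = ad_domain.lower()
    findings = set()
    conn = {a.get("name"): a.get("connectionString", "")
            for cs in _elements(root, "connectionStrings")
            for a in _elements(cs, "add")}
    for membership in _elements(root, "membership"):
        providers = _elements(membership, "add")
        default = membership.get("defaultProvider")
        # Providers inherited from machine.config or a parent web.config are not
        # visible here; only names declared in this file are checked.
        if default and default not in [p.get("name") for p in providers]:
            findings.add("default-provider-not-declared")
        for p in providers:
            if "ActiveDirectoryMembershipProvider" not in p.get("type", ""):
                continue
            # The bind password sits in the file as typed unless the config
            # section is encrypted.
            if p.get("connectionPassword") is not None:
                findings.add("cleartext-bind-password")
            if p.get("connectionUsername", "").lower().endswith("\\administrator"):
                findings.add("administrator-bind-account")
            parsed = split_adspath(conn.get(p.get("connectionStringName"), ""))
            if parsed is None:
                findings.add("connection-string-not-adspath")
                continue
            server, dn = parsed
            # Short (single-label) server names cannot be compared with the domain.
            if "." in server and server != ad_domain and not server.endswith("." + ad_domain):
                findings.add("server-outside-domain")
            # The server's host name is not a DC= component of the naming context.
            if dn and dn_to_domain(dn) != ad_domain:
                findings.add("dn-domain-mismatch")
    return sorted(findings)


if __name__ == "__main__":
    for code in lint_web_config(SAMPLE, "windward.local"):
        print(code)
```
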
  6. Hello;

    I have seen both in various postings and so have tried both. I don't know
    what belongs there as I have not found any documentation for this. Which
    should I use?

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com



    David Thielen, Mar 10, 2006
    #6
  7. Luke Zhang [MSFT], Mar 13, 2006
    #7
  8. Hello;

    Ok, I tried:
    <authentication mode="Forms">
    <forms name=".ADAuthCookie" loginUrl="login.aspx">
    </forms>
    </authentication>
    <authorization>
    <deny users="?"/>
    </authorization>
    <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
    <providers>
    <add name="AspNetActiveDirectoryMembershipProvider"
    type="System.Web.Security.ActiveDirectoryMembershipProvider,
    System.Web, Version=2.0.3600, Culture=neutral,
    PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
    </membership>

    And got the error:
    Parser Error Message: Could not load file or assembly 'System.Web,
    Version=2.0.3600, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of
    its dependencies. The system cannot find the file specified.

    Source Error:


    Line 64: <providers>
    Line 65: <add name="AspNetActiveDirectoryMembershipProvider"
    Line 66:
    type="System.Web.Security.ActiveDirectoryMembershipProvider,
    Line 67: System.Web, Version=2.0.3600, Culture=neutral,
    Line 68: PublicKeyToken=b03f5f7f11d50a3a" />

    Any ideas?


    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com



    "Luke Zhang [MSFT]" wrote:

    > By default, it is ="AspNetActiveDirectoryMembershipProvider":
    >
    > http://msdn2.microsoft.com/en-us/library/system.web.security.activedirectorymembershipprovider.aspx
    >
    > Luke Zhang
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
    >
    David Thielen, Mar 13, 2006
    #8
  9. I noticed that
    http://msdn2.microsoft.com/en-us/library/system.web.security.activedirectorymembershipprovider.aspx
    gives two different version numbers depending on the sample (short or long).

    I finally got it to accept System.Web with a version number of 2.0.0.0 -
    which is not the displayed version number of System.Web!!

    Second, it shows:
    connectionUserName="UserWithAppropriateRights"
    connectionPassword="PasswordForUser"
    but should be:
    connection-username="UserWithAppropriateRights"
    connection-password="PasswordForUser"

    And finally, with or without username/password I now get:
    Parser Error Message: The specified connection string does not represent a
    valid LDAP adspath.

    I have tried:
    <add name="ADService" connectionString="LDAP://picard.windward.local/" />
    <add name="ADService" connectionString="LDAP://windward.local/" />
    <add name="ADService" connectionString="LDAP://picard/" />

    Same error on all. My domain is windward.local and my SBS server (domain
    server) is the machine picard.

    ?????

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com



    David Thielen, Mar 13, 2006
    #9
  10. Hi;

    Also, I can connect using ldp to "picard.windward.local", "windward.local",
    and "picard".

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com



    David Thielen, Mar 13, 2006
    #10
  11. Can you post the whole section of <connectionStrings> and <membership> for
    us to study?

    Thanks,

    Luke Zhang
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
    Luke Zhang [MSFT], Mar 14, 2006
    #11
  12. Here is the entire Web.Config:

    <?xml version="1.0"?>
    <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    <appSettings/>

    <connectionStrings>
    <add name="ADService" connectionString="LDAP://picard/" />
    <add name="WindwardPortal" connectionString="Data Source=BELLE;Initial
    Catalog=WindwardPortal;Integrated Security=True"
    providerName="System.Data.SqlClient" />
    </connectionStrings>

    <system.web>

    <roleManager enabled="true"/>
    <compilation debug="true">
    <assemblies>
    <add assembly="System.Security, Version=2.0.0.0, Culture=neutral,
    PublicKeyToken=B03F5F7F11D50A3A"/>
    </assemblies>
    </compilation>

    <pages theme="Portal"/>

    <authentication mode="Forms">
    <forms name=".ADAuthCookie" loginUrl="login.aspx">
    </forms>
    </authentication>
    <authorization>
    <deny users="?"/>
    </authorization>
    <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
    <providers>
    <add name="AspNetActiveDirectoryMembershipProvider"
    type="System.Web.Security.ActiveDirectoryMembershipProvider,
    System.Web, Version=2.0.0.0, Culture=neutral,
    PublicKeyToken=b03f5f7f11d50a3a"
    connectionStringName="ADService"
    />
    </providers>
    </membership>

    </system.web>
    </configuration>
    David Thielen, Mar 14, 2006
    #12
  13. Got it! I had to remove:
    <authentication mode="Forms">
    <forms name=".ADAuthCookie" loginUrl="login.aspx">
    </forms>
    </authentication>

    I don't know where I saw that but when I removed it, it worked. Do I need to
    have some kind of <authentication> tag for when it does have to prompt
    someone (they are not hitting it with IE from a domain computer)?

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com
    David Thielen, Mar 14, 2006
    #13
  14. If you only add:

    <authentication mode="Forms" />

    Will it report the same error?

    Luke Zhang
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
    Luke Zhang [MSFT], Mar 14, 2006
    #14
  15. David Thielen

    Guest

    Hi Guys,
    I too am getting the same problem even if I specify <authentication
    mode="Forms" />.
    Parser Error Message: The specified connection string does not
    represent a valid LDAP adspath.

    I'm trying to reset the password for Active Directory, but I'm
    getting the following problem if I remove the backslash (/) from
    LDAP://rmz.domain.local/
    "The Active Directory membership provider does not support password
    reset without password question and answer."

    Otherwise I get the same problem as you stated.

    Please help me out with this problem...
    , Mar 14, 2006
    #15
  16. Hello;

    If I have:

    <add name="ADService" connectionString="LDAP://picard.windward.local/" />

    ....

    <authentication mode="Forms">
    </authentication>
    <authorization>
    <deny users="?"/>
    </authorization>
    <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
    <providers>
    <add name="AspNetActiveDirectoryMembershipProvider"
    type="System.Web.Security.ActiveDirectoryMembershipProvider,
    System.Web, Version=2.0.0.0, Culture=neutral,
    PublicKeyToken=b03f5f7f11d50a3a"
    connectionStringName="ADService"
    />
    </providers>
    </membership>

    It goes to login.aspx and when I enter username/password and click login I
    get:

    Parser Error Message: The specified connection string does not represent a
    valid LDAP adspath.


    If I use:
    <authorization>
    <deny users="?"/>
    </authorization>
    <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
    <providers>
    <add name="AspNetActiveDirectoryMembershipProvider"
    type="System.Web.Security.ActiveDirectoryMembershipProvider,
    System.Web, Version=2.0.0.0, Culture=neutral,
    PublicKeyToken=b03f5f7f11d50a3a"
    connectionStringName="ADService"
    />
    </providers>
    </membership>

    then I get no login and my Context.User is WINDWARD\dave and authenticated
    via NTLM (this is good).

    But when I call Membership.GetUser() I get the exception:
    {"The specified connection string does not represent a valid LDAP adspath.
    (C:\\src\\portal\\web.config line
    49)"} System.Configuration.ConfigurationErrorsException

    Any ideas?

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com
    David Thielen, Mar 15, 2006
    #16
  17. ps - I can use ldp.exe to get info from picard.windward.local on the same
    machine so that should work.

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com
    David Thielen, Mar 15, 2006
    #17
  18. Did you enable full-trust policy for the ASP.NET application? The
    ActiveDirectoryMembershipProvider class requires unrestricted
    DirectoryServicesPermission permission to run. This permission is not added
    to any of the partial-trust policy files supplied with ASP.NET.

    Luke Zhang
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
    Luke Zhang [MSFT], Mar 16, 2006
    #18
  19. No, how do I do that? And must it be full trust or just
    DirectoryServicesPermission?

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com



    David Thielen, Mar 16, 2006
    #19
  20. maybe you should read a book about that...

    http://www.amazon.com/gp/product/B0...9087-8058353?_encoding=UTF8&v=glance&n=551440

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > No, how do I do that? And must it be full trust or just
    > DirectoryServicesPermission?
    >
    > "Luke Zhang [MSFT]" wrote:
    >
    >> Did you enable full-trust policy for the ASP.NET application? The
    >> ActiveDirectoryMembershipProvider class requires unrestricted
    >> DirectoryServicesPermission permission to run. This permission is not
    >> added to any of the partial-trust policy files supplied with ASP.NET.
    >>
    >> Luke Zhang
    >> (This posting is provided "AS IS", with no warranties, and confers no
    >> rights.
    Dominick Baier [DevelopMentor], Mar 16, 2006
    #20
