Forms Authentication against ADAM

Discussion in 'ASP .Net Security' started by gely, Sep 12, 2006.

  1. gely

    gely Guest

    Using .NET 2.0

    I need to be able to authenticate against an instance of ADAM from an
    internet browser. At the moment, I am assuming forms based authentication.
    Here is what I have so far:

    ADAM is installed on my local workstation (XP Pro).
    The web site is on a server (Win2K3).
    Using web based forms authentication:
    - I can successfully authenticate to the active directory (domain) using an
    appropriate membership provider (web.config)
    - I am able to TRY to authenticate to the ADAM instance using an
    appropriately permissioned ADAM ID in the membership provider (web.config)
    - I say "TRY" because no matter what User Name I use in the forms
    authentication app (login.aspx) the result is the login form reporting an
    unsuccessful login attempt.
    - I am pretty sure I am hitting the correct connection because:
    1. the connectionUsername (in the web.config membership provider)
    is NOT a member of the domain
    2. a good password (for the connectionUsername in the membership
    provider) results in a login form message indicating a failed login attempt
    3. a bad password (for the connectionUsername in the membership
    provider) results in an application error: "Logon failure: unknown user name
    or bad password"

    Additional Information:

    I believe my problem is a result of not using a correctly formatted name
    when trying to authenticate against ADAM. According to the MSDN developer
    article "How To Use Forms Authentication with Active Directory in ASP.NET
    2.0" you have to use the UserName@DomainName formatting when the
    attributeMapUsername is set to "userPrincipalName". (I tried using
    attributeMapUsername="sAMAccountName" but received the application error
    message: "The property 'attributeMapUsername' must be mapped to
    'userPrincipalName'". Not sure what's up with that.)

    So... assuming I have everything else in line at this point, my current
    question is:

    How does one format a UserName, for forms based authentication via ADAM, to
    use the userPrincipalName setting?

    Example: How do I format my test user ID (CN=Test,OU=ADAM Users,O=HR,C=US)
    to fit the UserName@DomainName formatting?

    Also: Is there another (better?) way to do this?

    - Thanks,
    Geoff -
     
    gely, Sep 12, 2006
    #1

  2. gely

    Joe Kaplan Guest

    Did you try setting the userPrincipalName attribute in ADAM? The user
    schema included with ADAM has that attribute.

    It is generally a good idea to avoid using the DN syntax, as that is a lot
    for a user to remember and type in and reveals a lot about your directory
    structure that they don't need to know.

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
     
    Joe Kaplan, Sep 12, 2006
    #2

  3. gely

    gely Guest

    Joe,

    Works like a charm.

    Being a newbie to ADAM, I was unaware of the userPrincipalName attribute for
    users. I (only half-heartedly) looked for something similar earlier, but,
    obviously, didn't find this.

    Your assistance is MOST appreciated.

    "I love it when a plan comes together." - George Peppard

    - Thanks,
    Geoff -

     
    gely, Sep 12, 2006
    #3
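
The setup this thread converges on, written out as a web.config fragment. This is an added example, not configuration posted by either participant or taken from the MSDN article. The host name, port, bind-account DN, password and the sample userPrincipalName value are constructed placeholders; the container DN and attribute names come from the posts above.

```xml
<configuration>
  <connectionStrings>
    <!-- ADAM connection string: LDAP://host:port/container DN.
         adam-host.example:636 is a placeholder for the instance's SSL port;
         the container is the one holding CN=Test in the thread. -->
    <add name="AdamConnection"
         connectionString="LDAP://adam-host.example:636/OU=ADAM Users,O=HR,C=US" />
  </connectionStrings>
  <system.web>
    <!-- The login form posts a password, so the forms cookie and login page
         are restricted to HTTPS. -->
    <authentication mode="Forms">
      <forms loginUrl="login.aspx" requireSSL="true" />
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
    <membership defaultProvider="AdamMembership">
      <providers>
        <!-- attributeMapUsername="userPrincipalName": the name typed into
             login.aspx is matched against each user's userPrincipalName
             attribute, not against the DN. The test user
             CN=Test,OU=ADAM Users,O=HR,C=US therefore needs that attribute
             set (for example test@hr.example, a constructed value), and
             that value is what the user enters.
             connectionProtection="Secure" requires SSL on the ADAM instance;
             "None" sends the bind account's and the users' passwords to the
             directory unprotected.
             connectionUsername is a placeholder for an ADAM account with
             read access to the container; connectionPassword is a
             placeholder and should not be stored in clear text in a
             deployed web.config. -->
        <add name="AdamMembership"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="AdamConnection"
             connectionUsername="CN=WebBind,OU=ADAM Users,O=HR,C=US"
             connectionPassword="REPLACE_ME"
             connectionProtection="Secure"
             attributeMapUsername="userPrincipalName" />
      </providers>
    </membership>
  </system.web>
</configuration>
```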
