Forms Authentication with Active Directory

Discussion in 'ASP .Net Security' started by BigSam, Aug 31, 2007.

  1. BigSam

    BigSam Guest

    I have a number of remote users that connect to the domain through a VPN
    device. I need a simple process for them to be able to change their passwords
    - some of them only have http bookmarks. The VPN is configured to
    authenticate users with the Active Directory.
    I found this article: http://msdn2.microsoft.com/en-us/library/ms998360.aspx
    & followed along - I can do a little hacking, but I'm primarily a system/db
    admin.

    I can run the web page in the designer & it works fine; however, when I
    attempt to run it on the server, from another server in the domain, or from a
    bookmark on the VPN, I get a web.config configuration error, & the following
    line is highlighted:

    <authentication mode="Forms">

    I don't understand what's wrong. Is the web.config file case sensitive? Do
    the entries need to be in a specific order?

    If it will help, here is my entire web.config:
    <?xml version="1.0"?>
    <!--
      Note: As an alternative to hand editing this file you can use the
      web admin tool to configure settings for your application. Use
      the Website->Asp.Net Configuration option in Visual Studio.
      A full list of settings and comments can be found in
      machine.config.comments usually located in
      \Windows\Microsoft.Net\Framework\v2.x\Config
    -->
    <configuration>
      <appSettings/>
      <connectionStrings>
        <add
          connectionString="LDAP://MyDomain.local/CN=Users,DC=MyDomain,DC=local"
          name="ADConnectionString"/>
      </connectionStrings>
      <system.web>
        <!--
          Set compilation debug="true" to insert debugging
          symbols into the compiled page. Because this
          affects performance, set this value to true only
          during development.
        -->
        <compilation debug="true"/>
        <!--
          The <authentication> section enables configuration
          of the security authentication mode used by
          ASP.NET to identify an incoming user.
        -->
        <authentication mode="Forms">
          <forms
            name=".ADAuthCookie"
            timeout="10" />
        </authentication>
        <authorization>
          <deny users="?" />
          <allow users="*" />
        </authorization>
        <membership defaultProvider="MyADMembershipProvider">
          <providers>
            <add
              name="MyADMembershipProvider"
              type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              attributeMapUsername="sAMAccountName"
              connectionStringName="ADConnectionString"
              connectionUsername="MyDomain\AdminUser"
              connectionPassword="LotsaLuck99$"/>
          </providers>
        </membership>
        <!--
          The <customErrors> section enables configuration
          of what to do if/when an unhandled error occurs
          during the execution of a request. Specifically,
          it enables developers to configure html error pages
          to be displayed in place of a error stack trace.

          <customErrors mode="RemoteOnly"
            defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
          </customErrors>
        -->
      </system.web>
    </configuration>

    Thanks in advance
    BigSam, Aug 31, 2007
    #1
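
An added example, not part of the thread or of the MSDN article it links: a small Python audit of the security-relevant settings visible in the web.config posted above (debug compilation, a Forms cookie without `requireSSL`, and a directory service account password stored in the provider entry). The function name `audit_web_config`, the finding codes and the trimmed sample with a placeholder password are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed copy of the web.config from post #1,
# with the real password replaced by a placeholder.
SAMPLE = r"""<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation debug="true"/>
    <authentication mode="Forms">
      <forms name=".ADAuthCookie" timeout="10"/>
    </authentication>
    <membership defaultProvider="MyADMembershipProvider">
      <providers>
        <add name="MyADMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web"
             connectionStringName="ADConnectionString"
             connectionUsername="MyDomain\AdminUser"
             connectionPassword="PLACEHOLDER"/>
      </providers>
    </membership>
  </system.web>
</configuration>"""

def audit_web_config(xml_text):
    """Return a sorted list of finding codes (hypothetical names) for one web.config."""
    root = ET.fromstring(xml_text)
    web = next(root.iter("system.web"), None)
    findings = set()
    if web is None:
        return []
    comp = web.find("compilation")
    if comp is not None and comp.get("debug", "false").lower() == "true":
        findings.add("DEBUG_ENABLED")
    auth = web.find("authentication")
    if auth is not None and auth.get("mode") == "Forms":
        forms = auth.find("forms")
        # requireSSL defaults to false, so a missing attribute is a finding.
        if forms is None or forms.get("requireSSL", "false").lower() != "true":
            findings.add("FORMS_COOKIE_NOT_SSL_ONLY")
    for prov in web.findall("membership/providers/add"):
        # Service account password readable by anyone who can read the file.
        if prov.get("connectionPassword"):
            findings.add("CLEARTEXT_PROVIDER_PASSWORD")
        # connectionProtection defaults to "Secure"; only an explicit "None" is flagged.
        if prov.get("connectionProtection", "Secure").lower() == "none":
            findings.add("LDAP_CONNECTION_UNPROTECTED")
    return sorted(findings)
```

The cleartext-password finding is normally resolved by encrypting the section with `aspnet_regiis -pe` or by running the application pool under an account with the needed directory rights, rather than by leaving the credentials readable in the file.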

  2. which error.....?


    -----
    Dominick Baier (http://www.leastprivilege.com)

    Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

    Dominick Baier, Sep 1, 2007
    #2

  3. BigSam

    BigSam Guest

    web.config configuration error <authentication mode="Forms">

    "Dominick Baier" wrote:

    > which error.....?
    BigSam, Sep 1, 2007
    #3
  4. BigSam

    BigSam Guest

    Silly me - I forgot to set the Application Name in IIS Manager.

    "BigSam" wrote:

    > web.config configuration error <authentication mode="Forms">
    >
    > "Dominick Baier" wrote:
    >
    > > which error.....?
    BigSam, Sep 3, 2007
    #4