MembershipProvider and ADAM

Discussion in 'ASP .Net Security' started by Guest, Aug 28, 2006.

  1. Guest

    Guest Guest

    Hello,
    I am trying to find the simplest way to work with ADAM (or any other AD)
    and I have discovered the MembershipProvider class.... seems like it is
    doing just about everything I need.
    So, my project is developed on Windows XP, VS 2005 C# and I am not
    targeting ASP.... but seems like this is the best forum for my question.

    Here is my configuration file:
    <configuration>
    <connectionStrings>
    <add name="AdamConnectionString"
    connectionString="LDAP://localhost:389/O=Microsoft,C=US"/>
    </connectionStrings>
    <system.web>
    <membership defaultProvider="MyADMembershipProvider">
    <providers>
    <add
    name="MyADMembershipProvider"
    connectionStringName="AdamConnectionString"
    type="System.Web.Security.ActiveDirectoryMembershipProvider,
    System.Web, Version=2.0.0.0, Culture=neutral,
    PublicKeyToken=b03f5f7f11d50a3a"
    description="ADAM Provider"
    connectionProtection="None" />
    </providers>
    </membership>
    </system.web>
    </configuration>

    In my code, I try to get the membership provider like so:
    MembershipProvider provider =
    (MembershipProvider)Membership.Providers["MyADMembershipProvider"];

    And I get this error: "Unable to establish secure connection with the
    server using SSL."

    I have tried different combination, nothing works. Funny becuase if I use
    the DirectoryServices classes, I can easily enumerate the content of my ADAM
    store.

    Is there an article or some reference somewhere to get me started with
    providers and ADAM?

    Thank you

    -Martin
     
    Guest, Aug 28, 2006
    #1
    1. Advertising

  2. Hello Martin,

    As for the following error you encountered when using the AD membership
    provider.

    ====================
    "Unable to establish secure connection with the server using SSL."
    ====================

    Since I'm not sure about your local AD environment, assume that the LDAP
    connectionstring has no problem. Based on my research, it is likely the AD
    membership provider has choosed to use SSL connection to access AD server.
    And this is done when we configured the AD membership provider's
    "connectionProtetion" as "secured". However, from the configuration
    section you pasted, you've already set the "connectionProtection" as
    "None".

    Another one I found in your configuration fragement is that you haven't
    explicitly provide the "connectionUsername" and "connectionPassword" in the
    provider element, based on my research, the username/password is required
    when we use "connectionProtection="None"". You can have a look at the
    following article which has mentioned the AD connectionstring and provider
    configuration:


    #How To: Use Membership in ASP.NET 2.0
    http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000022.asp?frame=tr
    ue

    I've tried both connectionProtection with "Secure" and "None" and both of
    them work correctly. e.g.

    ========================
    <add name="ADAMMembershipProvider"
    type="System.Web.Security.ActiveDirectoryMembershipProvider,
    System.Web, Version=2.0.0.0,
    Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"
    connectionStringName="ADConnectionString"
    enableSearchMethods="true"
    connectionProtection="None"

    connectionUsername="username"
    connectionPassword="password"

    ></add>

    ==============================

    or

    ====================
    <add name="ADAMMembershipProvider"
    type="System.Web.Security.ActiveDirectoryMembershipProvider,
    System.Web, Version=2.0.0.0,
    Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"
    connectionStringName="ADConnectionString"
    enableSearchMethods="true"
    connectionProtection="Secure"

    connectionUsername=""
    connectionPassword="sc@1982!!1"

    ></add>

    =======================


    BTW, have you also tried using the connectionstring to the remote AD users
    store in your environment:

    LDAP://domain.testing.com/CN=Users,DC=domain,DC=testing,DC=com

    as mentioned in the above article to see whether it works.

    Here are some other articles which has described using ASP.NET 2.0
    membership/ role management service:


    #ASP.NET 2.0 Membership, Roles, Forms Authentication, and Security
    Resources
    http://weblogs.asp.net/scottgu/archive/2006/02/24/ASP.NET-2.0-Membership_2C0
    0_-Roles_2C00_-Forms-Authentication_2C00_-and-Security-Resources-.aspx

    Please feel free to let me know if you have any further finding.

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead



    ==================================================

    Get notification to my posts through email? Please refer to
    http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    ications.



    Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    where an initial response from the community or a Microsoft Support
    Engineer within 1 business day is acceptable. Please note that each follow
    up response may take approximately 2 business days as the support
    professional working with you may need further investigation to reach the
    most efficient resolution. The offering is not appropriate for situations
    that require urgent, real-time or phone-based interactions or complex
    project analysis and dump analysis issues. Issues of this nature are best
    handled working with a dedicated Microsoft Support Engineer by contacting
    Microsoft Customer Support Services (CSS) at
    http://msdn.microsoft.com/subscriptions/support/default.aspx.

    ==================================================



    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Steven Cheng[MSFT], Aug 29, 2006
    #2
    1. Advertising

  3. Guest

    Guest Guest

    Thank you Steven,
    I'll have a look at what you sent.

    -Martin

    "Steven Cheng[MSFT]" <> wrote in message
    news:...
    > Hello Martin,
    >
    > As for the following error you encountered when using the AD membership
    > provider.
    >
    > ====================
    > "Unable to establish secure connection with the server using SSL."
    > ====================
    >
    > Since I'm not sure about your local AD environment, assume that the LDAP
    > connectionstring has no problem. Based on my research, it is likely the AD
    > membership provider has choosed to use SSL connection to access AD server.
    > And this is done when we configured the AD membership provider's
    > "connectionProtetion" as "secured". However, from the configuration
    > section you pasted, you've already set the "connectionProtection" as
    > "None".
    >
    > Another one I found in your configuration fragement is that you haven't
    > explicitly provide the "connectionUsername" and "connectionPassword" in
    > the
    > provider element, based on my research, the username/password is required
    > when we use "connectionProtection="None"". You can have a look at the
    > following article which has mentioned the AD connectionstring and provider
    > configuration:
    >
    >
    > #How To: Use Membership in ASP.NET 2.0
    > http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000022.asp?frame=tr
    > ue
    >
    > I've tried both connectionProtection with "Secure" and "None" and both of
    > them work correctly. e.g.
    >
    > ========================
    > <add name="ADAMMembershipProvider"
    > type="System.Web.Security.ActiveDirectoryMembershipProvider,
    > System.Web, Version=2.0.0.0,
    > Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"
    > connectionStringName="ADConnectionString"
    > enableSearchMethods="true"
    > connectionProtection="None"
    >
    > connectionUsername="username"
    > connectionPassword="password"
    >
    > ></add>

    > ==============================
    >
    > or
    >
    > ====================
    > <add name="ADAMMembershipProvider"
    > type="System.Web.Security.ActiveDirectoryMembershipProvider,
    > System.Web, Version=2.0.0.0,
    > Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"
    > connectionStringName="ADConnectionString"
    > enableSearchMethods="true"
    > connectionProtection="Secure"
    >
    > connectionUsername=""
    > connectionPassword="sc@1982!!1"
    >
    >></add>

    > =======================
    >
    >
    > BTW, have you also tried using the connectionstring to the remote AD users
    > store in your environment:
    >
    > LDAP://domain.testing.com/CN=Users,DC=domain,DC=testing,DC=com
    >
    > as mentioned in the above article to see whether it works.
    >
    > Here are some other articles which has described using ASP.NET 2.0
    > membership/ role management service:
    >
    >
    > #ASP.NET 2.0 Membership, Roles, Forms Authentication, and Security
    > Resources
    > http://weblogs.asp.net/scottgu/archive/2006/02/24/ASP.NET-2.0-Membership_2C0
    > 0_-Roles_2C00_-Forms-Authentication_2C00_-and-Security-Resources-.aspx
    >
    > Please feel free to let me know if you have any further finding.
    >
    > Sincerely,
    >
    > Steven Cheng
    >
    > Microsoft MSDN Online Support Lead
    >
    >
    >
    > ==================================================
    >
    > Get notification to my posts through email? Please refer to
    > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    > ications.
    >
    >
    >
    > Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    > where an initial response from the community or a Microsoft Support
    > Engineer within 1 business day is acceptable. Please note that each follow
    > up response may take approximately 2 business days as the support
    > professional working with you may need further investigation to reach the
    > most efficient resolution. The offering is not appropriate for situations
    > that require urgent, real-time or phone-based interactions or complex
    > project analysis and dump analysis issues. Issues of this nature are best
    > handled working with a dedicated Microsoft Support Engineer by contacting
    > Microsoft Customer Support Services (CSS) at
    > http://msdn.microsoft.com/subscriptions/support/default.aspx.
    >
    > ==================================================
    >
    >
    >
    > This posting is provided "AS IS" with no warranties, and confers no
    > rights.
    >
    >
     
    Guest, Aug 29, 2006
    #3
  4. Hi Martin,

    I've found your another new thread "MembershipProvider, ADAM and userProxy"
    in this newsgroup. Have you got the problem in this thread resolved?
    Anyway, if you feel convenient that we continue to discuss in that thread,
    please feel free to followup there.

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead


    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Steven Cheng[MSFT], Aug 30, 2006
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Michael Herman \(Parallelspace\)

    ASP.NET 2.0, MS AD/ADAM and Authorization Manager (AzMan)

    Michael Herman \(Parallelspace\), Jul 6, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    898
    Michael Herman \(Parallelspace\)
    Jul 9, 2005
  2. Graham
    Replies:
    5
    Views:
    1,751
    Steven Cheng[MSFT]
    Nov 9, 2005
  3. =?Utf-8?B?SmFtZXMgQ29sZW1hbg==?=

    ADAM and AzMan with ASP.NET 2.0

    =?Utf-8?B?SmFtZXMgQ29sZW1hbg==?=, Feb 24, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    600
    =?Utf-8?B?SmFtZXMgQ29sZW1hbg==?=
    Feb 24, 2006
  4. Leeor Chernov

    MemberShipProvider And Windows Auth

    Leeor Chernov, Jun 18, 2007, in forum: ASP .Net
    Replies:
    0
    Views:
    364
    Leeor Chernov
    Jun 18, 2007
  5. Guest

    MembershipProvider, ADAM and userProxy

    Guest, Aug 29, 2006, in forum: ASP .Net Security
    Replies:
    13
    Views:
    522
    Gary Murchison
    Oct 27, 2006
Loading...

Share This Page