Unable to establish secure connection with the server

[Jerry C]

I am trying to use ActivedirectoryMembershipProvider in membership using
Asp.net 2.0, VS2005. I am getting the error "Unable to establish secure
connection with the server" . The server is a standalone server Windows
server 2003. The server name is CDCROTTY The connection string is

<add name="ADConnectionString"
connectionString="LDAP://192.168.221.246/CN=Users,DC=CDCROTTY" />

I also used the connection string

<add name="ADConnectionString"
connectionString="LDAP://CDCROTTY/CN=Users,DC=CDCROTTY" />

I am wondering if I can even use AD on a standalone server. and if I can
what is the connection string.

 

[Dominick Baier [DevelopMentor]]

have you supplied credentials in the config for the AD provider?

 

[Jerry C]

Thank you for the reply.

This is the proveder I am using


<membership defaultProvider="CDProvider">
<providers>
<add name="CDProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider,
System.Web, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"
connectionUsername="CDCROTTY\crottyj"
connectionPassword="bow333"/>
</providers>
</membership>

The user is in the administrators group.

This is the connection string

<add name="ADConnectionString"
connectionString="LDAP://192.168.221.246:389/CN=Users,DC=CDCROTTY" />
Thank you,

 

[Luke Zhang [MSFT]]

Hello Jerry,

The ActiveDirectoryMembershipProvider class requires unrestricted
DirectoryServicesPermission permission to run. This permission is not added
to any of the partial-trust policy files supplied with ASP.NET. In order to
use the ActiveDirectoryMembershipProvider, you can grant your web
application Full-trust level:

http://support.microsoft.com/default.aspx?scid=kb;en-us;815147

Hope this help,


Luke Zhang
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[Jerry C]

Luke,
Thanks for the reply.

I tried to used the procedure in Article 815147 but when I get to step 5 the
wizard wants a assembly. The applicaion is a Web app and now only has .aspx
and .aspx.vb files and no assemblies.
I have
<trust level="Full" originUrl="" />
in the web.config file.

Can there be anything else I can do.

Thank you.

 

[Luke Zhang [MSFT]]

Hello Jerry,

<trust level="Full" originUrl="" /> will also do the trick. Does the stand
alone server join the domain?

Regards,

Luke Zhang
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[Dominick Baier [DevelopMentor]]

not sure what "Unable to establish secure connection with the server" has
to do with CAS - that would be a security exception....

 

[Jerry C]

No the Standalone server does not join a domain. This may be why
ActivedirectoryMembershipProvider does not work. This may lead to the next
question. How do I login a user to the standalone server from the webapp. I
would also like those users that are on the internal network and using IE to
validate without logging in using windows intergrated and those not using IE
to login from a custom login page and not the server popup. I have been using
the SQL membership until now but I want to use Sharepoint Services sites and
they need a loged in user for personalization and roles. I don't think that
Sharepoint will use membership for this. I also don't want the user to login
more than once.

Thank you for your replys.

 

[Luke Zhang [MSFT]]

Hello Jerry,

I found this issue is related to another thread from you, so I replied same
in the two threads:

The login popup dialog is generated by IE and IIS. When we see the dialog,
the web application is not really "touched": when we enable the windows
authentication, IIS will require IE send windows authentication token, if
IIS didn't find one (for example, a user from unknown AD), it will return
IE an error message, and the login popup dialog will be displayed in IE.
So, what we can do in the ASP.NET application, wouldn't change this
behavior.

How about this: you may have a main "entry" form, user can select his
source by himself, for example, he can select if he is a user with
companion account, or a AD user which need to be authenticated with form.
If user select "companion account", you may redirect him to a windows
authentication webform. For others, redirect him to a login form.

Regards,

Luke Zhang
Microsoft Online Community Lead

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

(This posting is provided "AS IS", with no warranties, and confers no
rights.)