Craig Wagner
Here's my configuration:
- ASP.NET application
- Windows XP Pro running IIS
- Vdir is configured to allow anonymous access
- Anonymous access account is my domain account (for testing purposes it's
quicker and easier to do this than to try to get another domain account set
up)
- Web application has impersonation turned on (i.e.
<identity impersonate="true" />)
My web.config contains:
<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
  <providers>
    <add name="AspNetActiveDirectoryMembershipProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider...
         connectionStringName="ADService"
         connectionProtection="Secure"
         attributeMapUsername="sAMAccountName"
    />
  </providers>
</membership>
With the above configuration, when I hit the following line of code I get an
exception of "Logon failure: unknown user name or bad password."
Membership.ValidateUser( txtUsername.Text, txtPassword.Text );
If I change the web.config to the following, it works.
<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
  <providers>
    <add name="AspNetActiveDirectoryMembershipProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider...
         connectionStringName="ADService"
         connectionUsername="mydomainaccount"
         connectionPassword="mydomainpassword"
         connectionProtection="Secure"
         attributeMapUsername="sAMAccountName"
    />
  </providers>
</membership>
What has me baffled is that everything I've read says that if you don't
supply the connectionUsername and connectionPassword it will use the process
identity to connect to AD. The process identity SHOULD be my domain account,
because that's the anonymous access account and impersonation is turned on,
and it obviously works when I use my domain account credentials.