Charlotte
Hi,
I have an ASP.NET 2.0 web application, which is configured to use
Forms-based authentication and the ActiveDirectoryMembershipProvider for the
membership.
The users are stored in ADAM.
Everything was working properly until I wanted to add the password reset
functionality.
I extended the user schema to add the attributes necessary, and my
web.config is:
<connectionStrings>
  <add name="myADAMConnectionString"
       connectionString="LDAP://localhost:61000/OU=Users,OU=Matrix5,O=Extranet"/>
</connectionStrings>
<system.web>
  <membership defaultProvider="MyCustomProvider" userIsOnlineTimeWindow="15">
    <providers>
      <clear/>
      <add
        name="MyCustomProvider"
        type="System.Web.Security.ActiveDirectoryMembershipProvider,
              System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
        connectionStringName="myADAMConnectionString"
        attributeMapUsername="userPrincipalName"
        attributeMapEmail="mail"
        connectionUsername="CN=MembershipProvider,OU=Users,OU=Matrix5,O=Extranet"
        connectionPassword="DataJungle!"
        connectionProtection="None"
        enableSearchMethods="true"
        requiresQuestionAndAnswer="true"
        attributeMapPasswordQuestion="blPasswordQuestion"
        attributeMapPasswordAnswer="blPasswordAnswer"
        attributeMapFailedPasswordAnswerCount="blFailedPasswordAnswerCount"
        attributeMapFailedPasswordAnswerTime="blFailedPasswordAnswerTime"
        attributeMapFailedPassswordAnswerLockoutTime="blFailedPassswordAnswerLockoutTime"
        maxInvalidPasswordAttemps="5"
        passwordAttemptWindow="10"
        passwordAnswerAttemptLockoutDuration="30"
        requiresUniqueEmail="true"
        enablePasswordReset="true"
      />
    </providers>
  </membership>
  <authentication mode="Forms">
    <forms loginUrl="Login.aspx" protection="All" timeout="30"
           name=".ASPXAUTH" path="/" requireSSL="false" slidingExpiration="true"
           defaultUrl="matrix.aspx" cookieless="UseDeviceProfile"
           enableCrossAppRedirects="false"/>
  </authentication>
  <authorization>
    <deny users="?"/>
    <allow users="*"/>
  </authorization>
  <trust level="Full"/>
</system.web>
When I log into the application, I get a configuration error:
Description: An error occurred during the processing of a configuration
file required to service this request. Please review the specific error
details below and modify your configuration file appropriately.
Parser Error Message: Attribute schema mappings for bad password answer
tracking must be specified to enable password reset functionality.
Source Error:
Line 58: <add
Line 59: name="MyCustomProvider"
Line 60: type="System.Web.Security.ActiveDirectoryMembershipProvider,
System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
Line 61: connectionStringName="myADAMConnectionString"
Line 62: attributeMapUsername="userPrincipalName"
Source File: D:\Charlotte\web.config Line: 60
I don't understand why this doesn't work, as I can verify in ADAM-adsiedit
that the user I'm logging in as has the attributes blPasswordQuestion
(Unicode String), blPasswordAnswer (Unicode String),
blFailedPasswordAnswerCount (Integer), blFailedPasswordAnswerTime (Large
Integer/Interval), blFailedPassswordAnswerLockoutTime (Large
Integer/Interval).
Can you please help me figure out what is wrong with my configuration?
Thanks
Charlotte
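
Added example, not part of the original post: a small Python check that compares the attribute names on an ActiveDirectoryMembershipProvider <add> element with the names the provider documents, and reports unknown names and, when enablePasswordReset is true, missing bad-answer tracking mappings. The sample input is constructed from the provider element posted above (trimmed), and check_provider is a hypothetical helper name.

```python
import difflib
import xml.etree.ElementTree as ET

# Attribute names documented for ActiveDirectoryMembershipProvider in .NET 2.0,
# plus the generic provider attributes (name, type, description).
KNOWN = set("""
name type description applicationName connectionStringName connectionUsername
connectionPassword connectionProtection enableSearchMethods enablePasswordReset
requiresQuestionAndAnswer requiresUniqueEmail attributeMapUsername
attributeMapEmail attributeMapPasswordQuestion attributeMapPasswordAnswer
attributeMapFailedPasswordAnswerCount attributeMapFailedPasswordAnswerTime
attributeMapFailedPasswordAnswerLockoutTime maxInvalidPasswordAttempts
passwordAttemptWindow passwordAnswerAttemptLockoutDuration
minRequiredPasswordLength minRequiredNonalphanumericCharacters
passwordStrengthRegularExpression clientSearchTimeout serverSearchTimeout
""".split())
# Bad-answer tracking mappings the provider expects when password reset is on.
TRACKING = sorted(a for a in KNOWN if a.startswith("attributeMapFailed"))

# Constructed sample: the provider element from the post, trimmed.
SAMPLE = """<membership defaultProvider="MyCustomProvider"><providers>
  <add name="MyCustomProvider"
       type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web"
       enablePasswordReset="true" requiresQuestionAndAnswer="true"
       attributeMapFailedPasswordAnswerCount="blFailedPasswordAnswerCount"
       attributeMapFailedPasswordAnswerTime="blFailedPasswordAnswerTime"
       attributeMapFailedPassswordAnswerLockoutTime="blFailedPassswordAnswerLockoutTime"
       maxInvalidPasswordAttemps="5"/>
</providers></membership>"""

def check_provider(xml_text):
    """Return (kind, attribute, suggestion) findings for AD membership providers."""
    findings = []
    for add in ET.fromstring(xml_text).iter("add"):
        if "ActiveDirectoryMembershipProvider" not in add.get("type", ""):
            continue
        for attr in add.attrib:
            if attr not in KNOWN:  # likely a typo: suggest the nearest known name
                near = difflib.get_close_matches(attr, sorted(KNOWN), n=1)
                findings.append(("unknown", attr, near[0] if near else None))
        if add.get("enablePasswordReset", "").lower() == "true":
            findings += [("missing", t, None) for t in TRACKING if t not in add.attrib]
    return findings

if __name__ == "__main__":
    for finding in check_provider(SAMPLE):
        print(finding)
```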