Unable to establish secure connection with the server

Discussion in 'ASP .Net Security' started by Jerry C, Jun 13, 2006.

  1. Jerry C

    Jerry C Guest

    I am trying to use ActivedirectoryMembershipProvider in membership using
    Asp.net 2.0, VS2005. I am getting the error "Unable to establish secure
    connection with the server" . The server is a standalone server Windows
    server 2003. The server name is CDCROTTY The connection string is

    <add name="ADConnectionString"
    connectionString="LDAP://192.168.221.246/CN=Users,DC=CDCROTTY" />

    I also used the connection string

    <add name="ADConnectionString"
    connectionString="LDAP://CDCROTTY/CN=Users,DC=CDCROTTY" />

    I am wondering if I can even use AD on a standalone server. and if I can
    what is the connection string.
     
    Jerry C, Jun 13, 2006
    #1
    1. Advertisements

  2. have you supplied credentials in the config for the AD provider?
     
    Dominick Baier [DevelopMentor], Jun 13, 2006
    #2
    1. Advertisements

  3. Jerry C

    Jerry C Guest

    Thank you for the reply.

    This is the proveder I am using


    <membership defaultProvider="CDProvider">
    <providers>
    <add name="CDProvider"
    type="System.Web.Security.ActiveDirectoryMembershipProvider,
    System.Web, Version=2.0.0.0, Culture=neutral,
    PublicKeyToken=b03f5f7f11d50a3a"
    connectionStringName="ADConnectionString"
    connectionUsername="CDCROTTY\crottyj"
    connectionPassword="bow333"/>
    </providers>
    </membership>

    The user is in the administrators group.

    This is the connection string

    <add name="ADConnectionString"
    connectionString="LDAP://192.168.221.246:389/CN=Users,DC=CDCROTTY" />
    Thank you,
     
    Jerry C, Jun 13, 2006
    #3
  4. Hello Jerry,

    The ActiveDirectoryMembershipProvider class requires unrestricted
    DirectoryServicesPermission permission to run. This permission is not added
    to any of the partial-trust policy files supplied with ASP.NET. In order to
    use the ActiveDirectoryMembershipProvider, you can grant your web
    application Full-trust level:

    http://support.microsoft.com/default.aspx?scid=kb;en-us;815147

    Hope this help,


    Luke Zhang
    Microsoft Online Community Support

    ==================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ==================================================

    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
     
    Luke Zhang [MSFT], Jun 14, 2006
    #4
  5. Jerry C

    Jerry C Guest

    Luke,
    Thanks for the reply.

    I tried to used the procedure in Article 815147 but when I get to step 5 the
    wizard wants a assembly. The applicaion is a Web app and now only has .aspx
    and .aspx.vb files and no assemblies.
    I have
    <trust level="Full" originUrl="" />
    in the web.config file.

    Can there be anything else I can do.

    Thank you.
     
    Jerry C, Jun 14, 2006
    #5
  6. Hello Jerry,

    <trust level="Full" originUrl="" /> will also do the trick. Does the stand
    alone server join the domain?

    Regards,

    Luke Zhang
    Microsoft Online Community Support

    ==================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ==================================================

    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
     
    Luke Zhang [MSFT], Jun 15, 2006
    #6
  7. not sure what "Unable to establish secure connection with the server" has
    to do with CAS - that would be a security exception....
     
    Dominick Baier [DevelopMentor], Jun 15, 2006
    #7
  8. Jerry C

    Jerry C Guest

    No the Standalone server does not join a domain. This may be why
    ActivedirectoryMembershipProvider does not work. This may lead to the next
    question. How do I login a user to the standalone server from the webapp. I
    would also like those users that are on the internal network and using IE to
    validate without logging in using windows intergrated and those not using IE
    to login from a custom login page and not the server popup. I have been using
    the SQL membership until now but I want to use Sharepoint Services sites and
    they need a loged in user for personalization and roles. I don't think that
    Sharepoint will use membership for this. I also don't want the user to login
    more than once.

    Thank you for your replys.
     
    Jerry C, Jun 15, 2006
    #8
  9. Hello Jerry,

    I found this issue is related to another thread from you, so I replied same
    in the two threads:

    The login popup dialog is generated by IE and IIS. When we see the dialog,
    the web application is not really "touched": when we enable the windows
    authentication, IIS will require IE send windows authentication token, if
    IIS didn't find one (for example, a user from unknown AD), it will return
    IE an error message, and the login popup dialog will be displayed in IE.
    So, what we can do in the ASP.NET application, wouldn't change this
    behavior.

    How about this: you may have a main "entry" form, user can select his
    source by himself, for example, he can select if he is a user with
    companion account, or a AD user which need to be authenticated with form.
    If user select "companion account", you may redirect him to a windows
    authentication webform. For others, redirect him to a login form.

    Regards,

    Luke Zhang
    Microsoft Online Community Lead

    ==================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ==================================================

    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
     
    Luke Zhang [MSFT], Jun 16, 2006
    #9
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.