Can't get ActiveDirectoryMembershipProvider to work

 
 
David Thielen
      03-05-2006
Hi;

How do I set up my ASP.NET 2.0 app to use ActiveDirectory for login? (I have
AspNetSqlMembershipProvider working fine)?

My web.config is:
....
<add name="ADConnectionString"
connectionString="LDAP://picard.windward.local/CN=Users,DC=picard,DC=windward,DC=net" />
....
<membership defaultProvider="MembershipADProvider">
<providers>
<add name="MembershipADProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"
connectionUsername="windward\administrator"
connectionPassword="******"/>
</providers>
</membership>

Depending on what I try (I have tried other values above) I get either "A
referral was returned from the server." or "Unable to establish secure
connection with the server" or "The container specified in the connection
string does not exist".

Any ideas???

Also, is there a way to do this without putting a password in the config
file? This strikes me as a horrible thing to have there security-wise.

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

 
 
 
 
 
David Thielen
 
      03-05-2006
ps - I have read through
http://msdn.microsoft.com/library/de...aght000026.asp several times.

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

 
 
 
 
 
Joe Kaplan (MVP - ADSI)
 
      03-06-2006
I'm still not up to speed on the AD membership provider, but this DN looks
wrong:

CN=Users,DC=picard,DC=windward,DC=net

Especially when used in conjunction with a DC with a DNS name that ends in
.local. They generally have to match.

You can use a tool like ADSI Edit or ldp.exe (my favorite) to check the
values of these things.

Joe K.

"David Thielen" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> ps - I have read through
> http://msdn.microsoft.com/library/de...aght000026.asp
> several times.
>
> --
> thanks - dave
> david_at_windward_dot_net
> http://www.windwardreports.com
>



 
 
Luke Zhang [MSFT]
 
      03-06-2006
Hello,

I notice your connection string:

connectionString=LDAP://picard.windward.local/CN=Users,DC=picard,DC=windward,DC=net />

Should it be?

connectionString=LDAP://picard.windward.local/CN=Users,DC=picard,DC=windward,DC=local />

Also, to verify the connection string, you may first try to query the AD
with a vbscript like:

Dim oUser

strDomainDN = "YOURDOMAIN"
strUserDN = strDomainDN & "/CN=John Doe,CN=Users,DC=YOURDOMAIN,DC=COM"

Set oUser = GetObject("LDAP://" & strUserDN)

After this works, then try it in your ASP.NET application.

Luke Zhang
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
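
The DN/DNS consistency point raised in the two replies above can be checked offline before any bind is attempted. The following is an added example, not code from any poster in this thread; the class name AdPathCheck and method Check are hypothetical, and it assumes the server in the connection string is given as a fully qualified DNS name.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

static class AdPathCheck
{
    // Returns null when the DC= components of the DN agree with the server's
    // DNS name, otherwise a description of the problem.
    public static string Check(string adsPath)
    {
        // Expected shape: LDAP://<server>[:port]/<distinguished name>
        Match m = Regex.Match(adsPath, @"^LDAP://([^/:]+)(?::\d+)?/(.+)$",
                              RegexOptions.IgnoreCase);
        if (!m.Success) return "not of the form LDAP://server/DN";
        string host = m.Groups[1].Value.ToLowerInvariant();

        // Split the DN on commas that are not backslash-escaped, keep DC= values.
        List<string> dcs = new List<string>();
        foreach (string rdn in Regex.Split(m.Groups[2].Value, @"(?<!\\),"))
        {
            string t = rdn.Trim();
            if (t.StartsWith("DC=", StringComparison.OrdinalIgnoreCase))
                dcs.Add(t.Substring(3).ToLowerInvariant());
        }
        if (dcs.Count == 0) return "DN has no DC= components";

        // DC=windward,DC=local corresponds to the DNS domain windward.local.
        string domain = string.Join(".", dcs.ToArray());
        // The server may be the domain name itself or a host inside that domain.
        if (host == domain || host.EndsWith("." + domain, StringComparison.Ordinal))
            return null;
        return "DN names domain '" + domain + "' but server is '" + host + "'";
    }

    static void Main()
    {
        // The string from the thread, the proposed correction, and a constructed variant.
        string[] samples = {
            "LDAP://picard.windward.local/CN=Users,DC=picard,DC=windward,DC=net",
            "LDAP://picard.windward.local/CN=Users,DC=picard,DC=windward,DC=local",
            "LDAP://picard.windward.local/CN=Users,DC=windward,DC=local",
        };
        foreach (string s in samples)
            Console.WriteLine((Check(s) ?? "consistent") + " <- " + s);
    }
}
```

A "consistent" result only rules out the DN/DNS mismatch; whether the container exists and the bind succeeds still has to be confirmed against the directory with ldp.exe or ADSI Edit.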

 
 
David Thielen
 
      03-06-2006
Hi;

Sorry, I tried with local too - setting both to net and then to local, and
then trying each set different (which is what I copied) - problems with all.

Also, how do I call GetObject() - what class type do I need to be in or
object do I use?

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com



"Luke Zhang [MSFT]" wrote:

> Hello,
>
> I notice your connection string:
>
> connectionString=LDAP://picard.windward.local/CN=Users,DC=picard,DC=windward,DC=net />
>
> Should it be?
>
> connectionString=LDAP://picard.windward.local/CN=Users,DC=picard,DC=windward,DC=local />
>
> Also, to verify the connection string, you may first try to query the AD
> with a vbscript like:
>
> Dim oUser
>
> strDomainDN = "YOURDOMAIN"
> strUserDN = strDomainDN & "/CN=John Doe,CN=Users,DC=YOURDOMAIN,DC=COM"
>
> Set oUser = GetObject("LDAP://" & strUserDN)
>
> After this works, and then try it in your ASP.NET application.
>
> Luke Zhang
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>
>

 
 
Joe Kaplan (MVP - ADSI)
 
      03-06-2006
Don't use GetObject. That is holdover VB compatibility stuff. You should
use the DirectoryEntry class in System.DirectoryServices.

Note that I'd recommend testing this stuff out with a tool like ADSI edit or
ldp.exe before writing code if you are not 100% sure about the code as you
won't be able to trust your own results as easily and will spend more time
dinking around that way.

Joe K.

"David Thielen" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi;
>
> Sorry, I tried with local too - setting both to net and then to local, and
> then trying each set different (which is what I copied) - problems with
> all.
>
> Also, how do I call GetObject() - what class type do I need to be in or
> object do I use?
>
> --
> thanks - dave
> david_at_windward_dot_net
> http://www.windwardreports.com
>
>
>
> "Luke Zhang [MSFT]" wrote:
>
>> Hello,
>>
>> I notice your connection string:
>>
>> connectionString=LDAP://picard.windward.local/CN=Users,DC=picard,DC=windward,DC=net />
>>
>> Should it be?
>>
>> connectionString=LDAP://picard.windward.local/CN=Users,DC=picard,DC=windward,DC=local />
>>
>> Also, to verify the connection string, you may first try to query the AD
>> with a vbscript like:
>>
>> Dim oUser
>>
>> strDomainDN = "YOURDOMAIN"
>> strUserDN = strDomainDN & "/CN=John Doe,CN=Users,DC=YOURDOMAIN,DC=COM"
>>
>> Set oUser = GetObject("LDAP://" & strUserDN)
>>
>> After this works, and then try it in your ASP.NET application.
>>
>> Luke Zhang
>> (This posting is provided "AS IS", with no warranties, and confers no
>> rights.)
>>
>>



 
 
Luke Zhang [MSFT]
 
      03-07-2006
Thank you for Joe's suggestion on ADSI edit and ldp.exe, it is a better
idea to verify your connection string and query with these before you
actually use them in the code.

Luke Zhang
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 
 
David Thielen
 
      03-07-2006
Hi;

I did that and started a new thread here with the original question and the
results from ldp (it failed).

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com



"Joe Kaplan (MVP - ADSI)" wrote:

> Don't use GetObject. That is holdover VB compatibility stuff. You should
> use the DirectoryEntry class in System.DirectoryServices.
>
> Note that I'd recommend testing this stuff out with a tool like ADSI edit or
> ldp.exe before writing code if you are not 100% sure about the code as you
> won't be able to trust your own results as easily and will spend more time
> dinking around that way.
>
> Joe K.
>
> "David Thielen" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Hi;
> >
> > Sorry, I tried with local too - setting both to net and then to local, and
> > then trying each set different (which is what I copied) - problems with
> > all.
> >
> > Also, how do I call GetObject() - what class type do I need to be in or
> > object do I use?
> >
> > --
> > thanks - dave
> > david_at_windward_dot_net
> > http://www.windwardreports.com
> >
> >
> >
> > "Luke Zhang [MSFT]" wrote:
> >
> >> Hello,
> >>
> >> I notice your connection string:
> >>
> >> connectionString=LDAP://picard.windward.local/CN=Users,DC=picard,DC=windward,DC=net />
> >>
> >> Should it be?
> >>
> >> connectionString=LDAP://picard.windward.local/CN=Users,DC=picard,DC=windward,DC=local />
> >>
> >> Also, to verify the connection string, you may first try to query the AD
> >> with a vbscript like:
> >>
> >> Dim oUser
> >>
> >> strDomainDN = "YOURDOMAIN"
> >> strUserDN = strDomainDN & "/CN=John Doe,CN=Users,DC=YOURDOMAIN,DC=COM"
> >>
> >> Set oUser = GetObject("LDAP://" & strUserDN)
> >>
> >> After this works, and then try it in your ASP.NET application.
> >>
> >> Luke Zhang
> >> (This posting is provided "AS IS", with no warranties, and confers no
> >> rights.)
> >>
> >>

>
>
>

 
 
 
 