MembershipProvider, ADAM and userProxy

 
 
 
      08-29-2006
Hello,
I finally got my POC to work. I have some users in ADAM and I can browse
and validate using the Membership provider... Cool!!!!

Except that if I have a user of userProxy class in ADAM, my provider
does not see it. After doing much research (googling is the new term) I think
I understand why. The AD Membership provider looks for user class, not
userProxy class. That makes sense.... still how can I see/manage my users.

Unless someone has a miracle cure for this, I'll have to write my own
membership provider for ADAM.

All comments are welcome.

-Martin


 
Steven Cheng[MSFT]
 
      08-30-2006
Hello Martin,

It seems you've got the basic stuff of AD membership provider working (the
issue you posted in the previous thread).

As for the new problem you mentioned, I'd like to confirm the class
(userProxy and user) here, is it the OU in AD? Based on my local test, it
is possible that different AD objects like users are stored in different
OU. What's the current AD connectionstring you used?

If the problem here is that the users are under different OUs which cannot
be covered by a single connection string (such as authenticating users in
different domains), you can consider defining multiple membership providers
in code and programmatically determine which one to use (or use all of them
one by one). Here is an MSDN tech article discussing authenticating users in
multiple trusted domains through the AD membership provider:

#How To: Use Forms Authentication with Active Directory in Multiple Domains in ASP.NET 2.0
http://msdn.microsoft.com/library/en...1.asp?frame=true

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.

 
Joe Kaplan
      08-30-2006
I haven't looked at the code in the provider to know if there is something
easy you could just override to make this work, but one thing that did occur
to me is that you could just rename the userProxy class to user and change
user to something else in ADAM. It would be confusing, but it would
probably work.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
      08-30-2006
Hi Steven,
The problem is that the AD membership provider only looks for the 'user' class.
ADAM manages, on top of the user class, a userProxy class. This userProxy
class is not recognized by the AD membership provider... hence I have a
problem.

Thank you for your help Steven

-Martin

      08-30-2006
Thank you Joe,
That helps to know that I am right... sometimes.

I like your solution but in our solution we want to use both user and
userProxy. I have already started working on an ADAM membership provider...
If you have any pointers I'd be more than happy to listen.

Thank you

-Martin

Joe Kaplan
      08-30-2006
Ah, I see. That is a bit of a PITA. It sounds like you are building an
extranet scenario or something (some users in AD, some in ADAM, integrated
in ADAM via bind proxies and simple bind).

I wish I could help more with this, but I don't know what you need to do.
However, I do know the providers are designed to be inherited from, so
perhaps you can do that and just modify the piece you need via an override.

You might also consider using reflector and the file disassembler plugin to
reverse engineer the existing one so you can easily recompile a small mod.
Might save you some time (if overriding isn't an option).

Best of luck!

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
Steven Cheng[MSFT]
      08-31-2006
Hi Martin,

Yes, you're right. After looking up the disassembly code of the
ActiveDirectoryMembershipProvider, I found the following code fragment,
which hard-codes the DirectorySearcher's filter as (objectClass = user):

===============================
private MembershipUser FindUser(DirectoryEntry containerEntry, string filter,
    SearchScope searchScope, bool retrieveSAMAccountName,
    out DirectoryEntry userEntry, out bool resetBadPasswordAnswerAttributes,
    out string sAMAccountName)
{
    MembershipUser user1 = null;
    DirectorySearcher searcher1 = new DirectorySearcher(containerEntry);
    searcher1.SearchScope = searchScope;
    searcher1.Filter = "(&(objectCategory=person)(objectClass=user)" + filter + ")";

    ...............................

}
================================

So I agree with you that building a custom provider would be a reasonable
solution. Also, you can even make it more flexible (add more configurable
options) so that it can fit more scenarios.

For building custom membership providers, here are some good references
that may be helpful to you:


#Source Code for the Built-in ASP.NET 2.0 Providers Now Available for Download
http://weblogs.asp.net/scottgu/archi...13/442772.aspx

#Provider Toolkit
http://msdn.microsoft.com/asp.net/do...s/default.aspx


Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.
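
An added example, not part of the post above or of the provider's source: a custom provider could build its search filter from a configurable list of object classes instead of the hard-coded (objectClass=user), escaping the user-supplied value per RFC 4515 so it cannot alter the filter. The class and method names are hypothetical, and the (objectCategory=person) clause is left out because the page does not say which category userProxy objects carry in this ADAM schema.

```csharp
using System;
using System.Text;

// Added example with hypothetical names; not ActiveDirectoryMembershipProvider code.
static class AdamUserFilter
{
    // Escape a value for use inside an LDAP search filter (RFC 4515).
    public static string Escape(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Build "(&(|(objectClass=a)(objectClass=b))(attribute=value))".
    // objectClasses and attribute come from provider configuration, never from the user.
    public static string Build(string[] objectClasses, string attribute, string value)
    {
        if (objectClasses == null || objectClasses.Length == 0)
            throw new ArgumentException("At least one object class is required.");
        var classes = new StringBuilder("(|");
        foreach (string oc in objectClasses)
            classes.Append("(objectClass=").Append(Escape(oc)).Append(')');
        classes.Append(')');
        return "(&" + classes + "(" + attribute + "=" + Escape(value) + "))";
    }

    static void Main()
    {
        string[] classes = { "user", "userProxy" };
        // Constructed sample inputs: a normal name and one containing filter metacharacters.
        Console.WriteLine(Build(classes, "userPrincipalName", "martin@example.com"));
        Console.WriteLine(Build(classes, "userPrincipalName", "*)(objectClass=*"));
    }
}
```

The resulting string is what a custom provider would assign to DirectorySearcher.Filter in place of the fixed filter shown in the fragment.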




 
      08-31-2006
Thank you Steven,
Your help is appreciated.

-Martin

      08-31-2006
Thank you Joe,
I have already started to work on the provider, pretty simple in fact.


-Martin
gely
      09-14-2006
Guys,

Although I am a bit late getting to this party, I am driving the same
road.

Question: Where is the source for the ActiveDirectoryMembershipProvider
class? The link for the "Source Code for the Built-in ASP.NET 2.0
Providers" (so graciously supplied by Steven Cheng) includes code for
the SQLMembershipProvider class, but I can't find the one for AD.

Am I missing something?
Am I looking in the wrong place?
.. or am I just asking for something that isn't yet available?

- Thanks,
gely -
