Webserver must be member of domein to use ADMembership Provider?

Question

User-384517966 posted
Our company is not very well organized, we have a domain controller (SBS2003) but only for the Exchange. We also have two web servers (2003 standard and 2000 server) for testing and deploying. My thought was, single signon for all internal webapps. So I started looking into the ADMembership Provider.

But I am wondering, the webservers, they are not part of the domain, should they be for this too work? Pretty basic maybe, but I couldn't find it, maybe because it's obvious, but not for me, as I have very little knowledge of AD.

Thank you!

Answer 1

User1354132231 posted
I think you can get it to work.  You have to specify a specific server for a connection string and use explicit credentials in the provider settings, but it should work.

Answer 2

User-384517966 posted

Is there a way to see exactly what happens when I try to connect? Using this managed providers seems easy, but I don't get much feedback on why I can't login. So I still don't know if it's because I am not correctly connecting to the DC or if I simply don't have the rights or something else entirely.

Can I trace this from the management console on the Domain Controller (it's a Small Business Server 2003)?

Answer 3

User1354132231 posted
Sure, there are a number of ways to approach this.  You can use Ethereal to get a trace that will tell you exactly what your client (the IIS server in this case) is trying to do under the hood.  That will probably be the most informative.  If you have a specific DC targeted in your configuration, you can also audit the event logs there (make sure you have audit failures on) to see what is happening as well.

Ethereal is free and easy to use.  It also decodes the traffic messages for you on LDAP, which makes your life pretty easy.  If you have not used it before, it is a great tool.