Multiple servers or domain listed for LDAPConnection in webconfig file

  • Question

  • User-2071096615 posted

    I am more of a Windows admin looking for a redundant method for Authentication of our ASP.NET webapp.

    The site uses a web.config file for connection related properties.

    So my goal is to have the app authenticate against the Domain or Multiple Domain Controllers.
    If a DC dies I want the app just to pick another one from the list...

    Currently the web.config file only specifies 1 Domain Controller.

    <appSettings>

      <add key="LDAPconnection" value="LDAP://SERVER1/DC=DOMAIN,DC=COM" />  

    </appSettings>

    I would like something like

      <add key="LDAPconnection" value="LDAP://DOMAIN/DC=DOMAIN,DC=COM" />  
    I know this setting works but is it best practice...

    or

      <add key="LDAPconnection" value="LDAP://Server1/DC=DOMAIN,DC=COM,LDAP://Server2/DC=DOMAIN,DC=COM" />  

    Hope someone has some advice for me....

    Tuesday, September 2, 2014 7:01 PM

Answers

All replies

  • User-1454326058 posted

    Hi AdamJin,

    For your requirement, you could refer to this article:

    Use Forms Authentication with Active Directory in Multiple Domains

    http://msdn.microsoft.com/en-us/library/ff650307.aspx

    Best Regards,

    Starain Chen

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, September 3, 2014 11:34 PM
  • User1508394307 posted

    The best way is to set domain 

    LDAP://DOMAIN.COM/DC=DOMAIN,DC=COM

    because in this case if server1 is down then it will try to get another DC.

    Usage of 

    <add key="LDAPconnection" value="LDAP://Server1/DC=DOMAIN,DC=COM,LDAP://Server2/DC=DOMAIN,DC=COM" />  

    depends on your code, because in this case you would need to read and split it 

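    // requires: using System.Configuration; using System.Text.RegularExpressions;
    string s = ConfigurationManager.AppSettings["LDAPconnection"];
    // The DNs contain commas too, so split only on a comma that starts a new LDAP:// path
    string[] arr = Regex.Split(s, @",(?=LDAP://)");

    foreach (string constr in arr)
    {
        if (...establish_connection_here...)
        {
            break; // stop at the first server that answers
        }
    }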

    Sunday, September 7, 2014 2:29 PM
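
The failover loop sketched in the answer above, written out as an added example that is not part of the original thread. `LdapFailover`, `SplitPaths` and `TryAuthenticate` are hypothetical names; the code assumes the comma-separated `LDAPconnection` value shown above and a reference to System.DirectoryServices. It moves to the next server only when a DC is unreachable, and stops on a logon failure so a bad password is not replayed against every DC.

```csharp
using System;
using System.Configuration;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Text.RegularExpressions;

// Added example; class and method names are hypothetical.
public static class LdapFailover
{
    const int LogonFailure = unchecked((int)0x8007052E); // ERROR_LOGON_FAILURE
    const int ServerDown   = unchecked((int)0x8007203A); // "The server is not operational"

    // Split "LDAP://a/DC=x,DC=y,LDAP://b/DC=x,DC=y" without breaking the DNs,
    // which themselves contain commas.
    public static string[] SplitPaths(string setting)
    {
        return Regex.Split(setting, @",(?=LDAP://)", RegexOptions.IgnoreCase);
    }

    public static bool TryAuthenticate(string user, string password)
    {
        string setting = ConfigurationManager.AppSettings["LDAPconnection"];
        foreach (string path in SplitPaths(setting))
        {
            try
            {
                // Secure = negotiate Kerberos/NTLM instead of a cleartext simple bind.
                using (var entry = new DirectoryEntry(path, user, password,
                                                      AuthenticationTypes.Secure))
                {
                    object bound = entry.NativeObject; // forces the bind to happen now
                    return true;
                }
            }
            catch (COMException ex) when (ex.ErrorCode == LogonFailure)
            {
                return false; // bad credentials: do not retry on the next DC
            }
            catch (COMException ex) when (ex.ErrorCode == ServerDown)
            {
                continue; // this DC is unreachable, try the next path
            }
        }
        throw new InvalidOperationException(
            "No domain controller listed in LDAPconnection was reachable.");
    }
}
```

Any other `COMException` propagates to the caller instead of being treated as either a failed logon or a dead server.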
  • User-2071096615 posted

    thanks, yes it does have the .com in the domain name...

    seems like we are using the correct syntax in the LDAP connection

     

    Sunday, September 7, 2014 8:49 PM