Active Directory Authentication with Login Control ASP.Net 3.5 or 4

Question

User-2117934185 posted

Hello, I am trying to follow instructions on how to create a login page that tests against active directory.  My issue is all of the tutorials seem to be written for ASP.NET 2.0.  When I try to follow them I cannot get them to work.  Does anyone have any tutorial or information for .NET 3.5 or 4.0?

Thanks

Answer 1

User-2080168305 posted

check this:

http://www.wrox.com/WileyCDA/Section/ASP-NET-3-5-Windows-Based-Authentication.id-310905.html

Answer 2

User-2117934185 posted

This is a nice article, but doesn't cover Active Directory, are there any out there that do?

Answer 3

User-2080168305 posted

pls check these articles

http://www.packtpub.com/article/asp.net-3.5-cms-adding-security-and-membership-part1

http://thewebjedi.com/cs/blogs/meditations/archive/2008/11/07/working-with-active-directory-in-net-3-5.aspx

http://wiki.asp.net/page.aspx/462/how-to-query-active-directory-without-hard-coding-the-domain-name/

http://www.c-sharpcorner.com/uploadfile/ankithakur/login_using_active_directory04052006061801am/login_using_active_directory.aspx

http://www.codeproject.com/KB/aspnet/ASP_Net3_5CustomWinAuthen.aspx

Answer 4

User-2117934185 posted

Hello, I referenced some of those links, but to no avail, however I did find this tutorial:

http://blog.evonet.com.au/post/2008/11/05/Using-Active-Directory-to-authenticate-users-to-your-ASPNET-Web-Site.aspx

I follow that tutorial to a T and when I try to debug, I get the webform but when I click the button it throws an exception:

Configuration Error

Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: The container specified in the connection string does not exist.

Source Error:

Line 30: <clear/> Line 31: <add name="MyADMembershipProvider" Line 32: type="System.Web.Security.ActiveDirectoryMembershipProvider, Line 33: System.Web, Version=2.0.0.0, Culture=neutral, Line 34: PublicKeyToken=b03f5f7f11d50a3a"

Answer 5

User-2080168305 posted

ur connection string is wrong.

pls post it here.

and check this related post.

http://forums.asp.net/t/944777.aspx

http://www.velocityreviews.com/forums/t110769-forms-authentication-with-active-directory-ldap-problem.html

Answer 6

User-2117934185 posted

<connectionStrings>
    <add name="ADConnectionString"
    connectionString="LDAP://fileserver.domainname.local:239/DC=fileserver,DC=domainname,DC=local"/>
  </connectionStrings>

I added the :239 for the AD Port number, this changes the error message now to :

Configuration Error

Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: Unable to establish secure connection with the server

Source Error:

Line 30: <clear/> Line 31: <add name="MyADMembershipProvider" Line 32: type="System.Web.Security.ActiveDirectoryMembershipProvider, Line 33: System.Web, Version=2.0.0.0, Culture=neutral, Line 34: PublicKeyToken=b03f5f7f11d50a3a"

Answer 7

User-2080168305 posted

it is becoz the user u r using, is not having full permission to access AD.

may be u can give username and password in AD Provider.

refer this link:

http://stackoverflow.com/questions/1164795/activedirectorymembershipprovider-unable-to-establish-secure-connection

http://technical.davidunderwood.org/?p=119

Answer 8

User-2117934185 posted

Hey, thanks for sticking with me through this.  I'm following everything you've suggested, but still to no avail.  And I'm finding a lot of information is not available on this particular subject even through Microsoft.  I have tried every possible combination of username /passwords, all giving the same Unable to Establish Secure Connection Error.  So I figure if you saw all of my code it may help.  I wonder if this has to do with it being in ASP.NET 4, and just not many people have created AD Login Pages with it yet.  I'm confident we can get it working, and when we do I will create a tutorial for it.

Anyhow here is web.config

<?xml version="1.0"?>

<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=169433
  -->

<configuration>
  <connectionStrings>
    <add name="ADConnectionString"
    connectionString="LDAP://fileserver.domain.local:239/DC=fileserver,DC=domain,DC=local"/>
  </connectionStrings>

  <system.web>
    <compilation debug="true" strict="false" explicit="true" targetFramework="4.0" />

    <authentication mode="Forms">
      <forms name=".ADAuthCookie" timeout="43200"/>
    </authentication>
    <authorization>
      <deny users="?"/>
      <allow users="*"/>
    </authorization>

   <membership defaultProvider="MyADMembershipProvider">
      <providers>
        <clear/>
        <add name="MyADMembershipProvider"
        type="System.Web.Security.ActiveDirectoryMembershipProvider, 
        System.Web, Version=2.0.0.0, Culture=neutral, 
        PublicKeyToken=b03f5f7f11d50a3a"
        attributeMapUsername="sAMAccountName"
        connectionStringName="ADConnectionString"
        connectionUsername="domain.local\administrator"
        connectionPassword="password"/>
      </providers>
    </membership>



    <profile>
      <providers>
        <clear/>
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
      </providers>
    </profile>

    <roleManager enabled="false">
      <providers>
        <clear/>
        <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
        <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
      </providers>
    </roleManager>

  </system.web>

  <system.webServer>
     <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>
</configuration>

Login.aspx

<%@ Page Language="vb" AutoEventWireup="false" CodeBehind="Login.aspx.vb" Inherits="AD5.Login1" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
    <asp:Login ID="Login1" runat="server">
    <LayoutTemplate>
    <p>
        <asp:TextBox runat="server" ID="Username" />
    </p>
    <p>
        <asp:TextBox runat="server" ID="Password" TextMode="Password" />
    </p>
    <p>
        <asp:CheckBox ID="RememberMe" runat="server" />
    </p>
        <asp:Button ID="btnLogin" runat ="server" CommandName="Login" />
    </LayoutTemplate>
</asp:Login>

    </div>
    </form>
</body>
</html>

And the error I receive.  I have tried domainname.local\administrator, domainname\administrator, and just administrator.  All with the following error:

Parser Error Message: Unable to establish secure connection with the server

Source Error:

Line 27: <clear/> Line 28: <add name="MyADMembershipProvider" Line 29: type="System.Web.Security.ActiveDirectoryMembershipProvider, Line 30: System.Web, Version=2.0.0.0, Culture=neutral, Line 31: PublicKeyToken=b03f5f7f11d50a3a"

Answer 9

User-2117934185 posted

UPDATE:

I just managed to get this working.  I changed the connection string to remove the :239 then made it just LDAP://domainname.local

It then worked instantly, I then replaced everything in the login.aspx with just a login control and the existing code worked.  I did not need to limit this code by OU, I can see instances where you would need or want to, but I didn't.  Here's the Final Working code for everyone else searching out this subject:

web.config

<?xml version="1.0"?>

<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=169433
  -->

<configuration>
  <connectionStrings>
    <add name="ADConnectionString"
    connectionString="LDAP://domain.local"/>
  </connectionStrings>

  <system.web>
    <compilation debug="true" strict="false" explicit="true" targetFramework="4.0" />

    <authentication mode="Forms">
      <forms name=".ADAuthCookie" timeout="43200"/>
    </authentication>
    <authorization>
      <deny users="?"/>
      <allow users="*"/>
    </authorization>

   <membership defaultProvider="MyADMembershipProvider">
      <providers>
        <clear/>
        <add name="MyADMembershipProvider"
        type="System.Web.Security.ActiveDirectoryMembershipProvider, 
        System.Web, Version=2.0.0.0, Culture=neutral, 
        PublicKeyToken=b03f5f7f11d50a3a"
        attributeMapUsername="sAMAccountName"             
        connectionStringName="ADConnectionString"/>
      </providers>
    </membership>

    <profile>
      <providers>
        <clear/>
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
      </providers>
    </profile>

    <roleManager enabled="false">
      <providers>
        <clear/>
        <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
        <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
      </providers>
    </roleManager>

  </system.web>

  <system.webServer>
     <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>
</configuration>

login.aspx

<%@ Page Language="vb" AutoEventWireup="false" CodeBehind="Login.aspx.vb" Inherits="AD5.Login1" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
 
        <asp:Login ID="Login1" runat="server">
        </asp:Login>
 
    </div>
    </form>
</body>
</html>

Answer 10

User-1254684073 posted

 

 

ConnectionProtection=None. forces it to only use the nonsecure port (ususally 389)

 

Be sure to add the Domain to the user name if you use SamAccount name 

 

 

connectionUsername="ad\Brown.Eric"

 

connectionPassword="XXXXX"

 

attributeMapUsername="SAMAccountName"

 

connectionProtection="None"

 

Answer 11

User1005758432 posted

First of, thank you so much for posting your final code. However, I still have the same error as your 05-08-2010, 11:20 PM post. Could anyone shine some light on this issue?

Answer 12

User-2117934185 posted

Sorry for some reason I didn't get an email alert from this post.  Hope you resolved the issue, I do have a blog where I write in depth tutorials on all my networking and programming problems. 

JJStellato.blogspot.com