Active Directory Authentication with Login Control ASP.Net 3.5 or 4

  • Question

  • User-2117934185 posted

    Hello, I am trying to follow instructions on how to create a login page that tests against active directory.  My issue is all of the tutorials seem to be written for ASP.NET 2.0.  When I try to follow them I cannot get them to work.  Does anyone have any tutorial or information for .NET 3.5 or 4.0?

    Thanks

    Friday, May 7, 2010 4:10 PM

Answers

  • User-2117934185 posted

    UPDATE:

    I just managed to get this working.  I changed the connection string to remove the :239 then made it just LDAP://domainname.local

    It then worked instantly, I then replaced everything in the login.aspx with just a login control and the existing code worked.  I did not need to limit this code by OU, I can see instances where you would need or want to, but I didn't.  Here's the Final Working code for everyone else searching out this subject:

    web.config

    <?xml version="1.0"?>
    
    <!--
      For more information on how to configure your ASP.NET application, please visit
      http://go.microsoft.com/fwlink/?LinkId=169433
      -->
    
    <configuration>
      <connectionStrings>
        <add name="ADConnectionString"
        connectionString="LDAP://domain.local"/>
      </connectionStrings>
    
      <system.web>
        <compilation debug="true" strict="false" explicit="true" targetFramework="4.0" />
    
        <authentication mode="Forms">
          <forms name=".ADAuthCookie" timeout="43200"/>
        </authentication>
        <authorization>
          <deny users="?"/>
          <allow users="*"/>
        </authorization>
    
       <membership defaultProvider="MyADMembershipProvider">
          <providers>
            <clear/>
            <add name="MyADMembershipProvider"
            type="System.Web.Security.ActiveDirectoryMembershipProvider, 
            System.Web, Version=2.0.0.0, Culture=neutral, 
            PublicKeyToken=b03f5f7f11d50a3a"
            attributeMapUsername="sAMAccountName"             
            connectionStringName="ADConnectionString"/>
          </providers>
        </membership>
    
        <profile>
          <providers>
            <clear/>
            <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
          </providers>
        </profile>
    
        <roleManager enabled="false">
          <providers>
            <clear/>
            <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
            <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
          </providers>
        </roleManager>
    
      </system.web>
    
      <system.webServer>
         <modules runAllManagedModulesForAllRequests="true"/>
      </system.webServer>
    </configuration>
    

    login.aspx

    <%@ Page Language="vb" AutoEventWireup="false" CodeBehind="Login.aspx.vb" Inherits="AD5.Login1" %>
    
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head runat="server">
        <title></title>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
     
            <asp:Login ID="Login1" runat="server">
            </asp:Login>
     
        </div>
        </form>
    </body>
    </html>
    





    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, May 9, 2010 7:11 PM

All replies

  • User-2117934185 posted

    This is a nice article, but doesn't cover Active Directory, are there any out there that do?

    Saturday, May 8, 2010 9:43 AM
  • User-2080168305 posted

    Please check these articles:

    http://www.packtpub.com/article/asp.net-3.5-cms-adding-security-and-membership-part1

    http://thewebjedi.com/cs/blogs/meditations/archive/2008/11/07/working-with-active-directory-in-net-3-5.aspx

    http://wiki.asp.net/page.aspx/462/how-to-query-active-directory-without-hard-coding-the-domain-name/

    http://www.c-sharpcorner.com/uploadfile/ankithakur/login_using_active_directory04052006061801am/login_using_active_directory.aspx

    http://www.codeproject.com/KB/aspnet/ASP_Net3_5CustomWinAuthen.aspx

    Saturday, May 8, 2010 12:52 PM
  • User-2117934185 posted

    Hello, I referenced some of those links, but to no avail, however I did find this tutorial:

    http://blog.evonet.com.au/post/2008/11/05/Using-Active-Directory-to-authenticate-users-to-your-ASPNET-Web-Site.aspx

    I followed that tutorial to a T and when I try to debug, I get the webform, but when I click the button it throws an exception:


    Configuration Error

    Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

    Parser Error Message: The container specified in the connection string does not exist.

    Source Error:

    Line 30:         <clear/>
    Line 31: <add name="MyADMembershipProvider"
    Line 32: type="System.Web.Security.ActiveDirectoryMembershipProvider,
    Line 33: System.Web, Version=2.0.0.0, Culture=neutral,
    Line 34: PublicKeyToken=b03f5f7f11d50a3a"


    Sunday, May 9, 2010 12:20 AM
  • User-2080168305 posted

    Your connection string is wrong.

    Please post it here.

    And check these related posts.

    http://forums.asp.net/t/944777.aspx

    http://www.velocityreviews.com/forums/t110769-forms-authentication-with-active-directory-ldap-problem.html


    Sunday, May 9, 2010 1:40 AM
  • User-2117934185 posted

    <connectionStrings>
        <add name="ADConnectionString"
        connectionString="LDAP://fileserver.domainname.local:239/DC=fileserver,DC=domainname,DC=local"/>
      </connectionStrings>


    I added the :239 for the AD port number; this now changes the error message to:


    Configuration Error

    Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

    Parser Error Message: Unable to establish secure connection with the server

    Source Error:

    Line 30:         <clear/>
    Line 31: <add name="MyADMembershipProvider"
    Line 32: type="System.Web.Security.ActiveDirectoryMembershipProvider,
    Line 33: System.Web, Version=2.0.0.0, Culture=neutral,
    Line 34: PublicKeyToken=b03f5f7f11d50a3a"

    Sunday, May 9, 2010 12:14 PM
  • User-2080168305 posted

    It is because the user you are using does not have full permission to access AD.

    Maybe you can give the username and password in the AD provider.

    Refer to these links:

    http://stackoverflow.com/questions/1164795/activedirectorymembershipprovider-unable-to-establish-secure-connection

    http://technical.davidunderwood.org/?p=119

    Sunday, May 9, 2010 12:46 PM
  • User-2117934185 posted

    Hey, thanks for sticking with me through this.  I'm following everything you've suggested, but still to no avail.  And I'm finding a lot of information is not available on this particular subject even through Microsoft.  I have tried every possible combination of username /passwords, all giving the same Unable to Establish Secure Connection Error.  So I figure if you saw all of my code it may help.  I wonder if this has to do with it being in ASP.NET 4, and just not many people have created AD Login Pages with it yet.  I'm confident we can get it working, and when we do I will create a tutorial for it.

    Anyhow here is web.config


    <?xml version="1.0"?>
    
    <!--
      For more information on how to configure your ASP.NET application, please visit
      http://go.microsoft.com/fwlink/?LinkId=169433
      -->
    
    <configuration>
      <connectionStrings>
        <add name="ADConnectionString"
        connectionString="LDAP://fileserver.domain.local:239/DC=fileserver,DC=domain,DC=local"/>
      </connectionStrings>
    
      <system.web>
        <compilation debug="true" strict="false" explicit="true" targetFramework="4.0" />
    
        <authentication mode="Forms">
          <forms name=".ADAuthCookie" timeout="43200"/>
        </authentication>
        <authorization>
          <deny users="?"/>
          <allow users="*"/>
        </authorization>
    
       <membership defaultProvider="MyADMembershipProvider">
          <providers>
            <clear/>
            <add name="MyADMembershipProvider"
            type="System.Web.Security.ActiveDirectoryMembershipProvider, 
            System.Web, Version=2.0.0.0, Culture=neutral, 
            PublicKeyToken=b03f5f7f11d50a3a"
            attributeMapUsername="sAMAccountName"
            connectionStringName="ADConnectionString"
            connectionUsername="domain.local\administrator"
            connectionPassword="password"/>
          </providers>
        </membership>
    
    
    
        <profile>
          <providers>
            <clear/>
            <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
          </providers>
        </profile>
    
        <roleManager enabled="false">
          <providers>
            <clear/>
            <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
            <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
          </providers>
        </roleManager>
    
      </system.web>
    
      <system.webServer>
         <modules runAllManagedModulesForAllRequests="true"/>
      </system.webServer>
    </configuration>
    

    Login.aspx

    <%@ Page Language="vb" AutoEventWireup="false" CodeBehind="Login.aspx.vb" Inherits="AD5.Login1" %>
    
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head runat="server">
        <title></title>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
        <asp:Login ID="Login1" runat="server">
        <LayoutTemplate>
        <p>
            <asp:TextBox runat="server" ID="Username" />
        </p>
        <p>
            <asp:TextBox runat="server" ID="Password" TextMode="Password" />
        </p>
        <p>
            <asp:CheckBox ID="RememberMe" runat="server" />
        </p>
            <asp:Button ID="btnLogin" runat ="server" CommandName="Login" />
        </LayoutTemplate>
    </asp:Login>
    
        </div>
        </form>
    </body>
    </html>


    And the error I receive.  I have tried domainname.local\administrator, domainname\administrator, and just administrator.  All with the following error:


    Parser Error Message: Unable to establish secure connection with the server

    Source Error:

    Line 27:         <clear/>
    Line 28: <add name="MyADMembershipProvider"
    Line 29: type="System.Web.Security.ActiveDirectoryMembershipProvider,
    Line 30: System.Web, Version=2.0.0.0, Culture=neutral,
    Line 31: PublicKeyToken=b03f5f7f11d50a3a"

    Sunday, May 9, 2010 5:31 PM
  • User-1254684073 posted

     

     

    ConnectionProtection=None forces it to only use the nonsecure port (usually 389).

    Be sure to add the domain to the user name if you use SamAccount name:

    connectionUsername="ad\Brown.Eric"
    connectionPassword="XXXXX"
    attributeMapUsername="SAMAccountName"
    connectionProtection="None"

     

    Wednesday, August 4, 2010 4:47 PM
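
    An added example, not code from any poster in this thread: the authentication-related sections of the thread's final web.config with the settings a reviewer would tighten. `connectionProtection="None"` makes the provider bind without SSL or sign-and-seal, whereas `"Secure"` (the default) tries SSL, then sign-and-seal, and throws if both fail. The 30-minute timeout and an HTTPS-only site are assumptions.

```xml
<?xml version="1.0"?>
<!-- Added example: hardened variant of the thread's final web.config.
     Values marked "assumption" are illustrative, not taken from the thread. -->
<configuration>
  <connectionStrings>
    <!-- Same connection string as the working answer: no port, no container. -->
    <add name="ADConnectionString"
         connectionString="LDAP://domain.local"/>
  </connectionStrings>

  <system.web>
    <!-- debug="true" is for development machines; turn it off when deployed. -->
    <compilation debug="false" strict="false" explicit="true" targetFramework="4.0"/>

    <!-- Assumption: the site is served over HTTPS only. Cookies are then
         never sent over plain HTTP and are not readable from script. -->
    <httpCookies httpOnlyCookies="true" requireSSL="true"/>

    <authentication mode="Forms">
      <!-- The thread uses timeout="43200" (minutes, i.e. 30 days).
           Assumption: 30 minutes with sliding renewal. -->
      <forms name=".ADAuthCookie" timeout="30" slidingExpiration="true"
             requireSSL="true" protection="All"/>
    </authentication>
    <authorization>
      <deny users="?"/>
      <allow users="*"/>
    </authorization>

    <membership defaultProvider="MyADMembershipProvider">
      <providers>
        <clear/>
        <!-- connectionProtection="Secure" is stated explicitly so nobody
             "fixes" a bind error by switching it to None.
             No connectionUsername/connectionPassword: the bind runs as the
             application pool identity, so no password sits in this file.
             If explicit credentials are unavoidable, use a dedicated
             low-privilege account (not administrator) and encrypt the
             section with aspnet_regiis -pe. -->
        <add name="MyADMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             attributeMapUsername="sAMAccountName"
             connectionStringName="ADConnectionString"
             connectionProtection="Secure"/>
      </providers>
    </membership>
  </system.web>
</configuration>
```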
  • User1005758432 posted

    First off, thank you so much for posting your final code. However, I still have the same error as your 05-08-2010, 11:20 PM post. Could anyone shine some light on this issue?

    Tuesday, September 28, 2010 11:00 AM
  • User-2117934185 posted

    Sorry, for some reason I didn't get an email alert from this post.  Hope you resolved the issue. I do have a blog where I write in-depth tutorials on all my networking and programming problems.


    JJStellato.blogspot.com

    Tuesday, October 18, 2011 2:34 PM