LDAP not authenticating .net 2.0 membership provider login

  • Question

  • User2092452305 posted

    Alright, I can't seem to get this to authenticate; any recommendations would be appreciated.

    <?xml version="1.0"?>
    <!--
        Note: As an alternative to hand editing this file you can use the
        web admin tool to configure settings for your application. Use
        the Website->Asp.Net Configuration option in Visual Studio.
        A full list of settings and comments can be found in
        machine.config.comments usually located in
        \Windows\Microsoft.Net\Framework\v2.x\Config
    -->
    <configuration>
      <appSettings/>
      <connectionStrings>
        <add name="LdapConnection" connectionString="LDAP://theLdapServer/ou=domains,o=ExampleDomain.com"/>
      </connectionStrings>
      <system.web>
        <customErrors mode="Off"/>
        <!--
            Set compilation debug="true" to insert debugging
            symbols into the compiled page. Because this
            affects performance, set this value to true only
            during development.
        -->
        <compilation debug="true" />
        <!--
            The <authentication> section enables configuration
            of the security authentication mode used by
            ASP.NET to identify an incoming user.
        -->
        <authorization>
          <deny users="?" />
          <allow users="*" />
        </authorization>
        <authentication mode="Forms">
          <forms name=".ASPXAUTH" loginUrl="login.aspx"
                 defaultUrl="default.aspx" protection="All" timeout="30" path="/"
                 requireSSL="false" slidingExpiration="true"
                 cookieless="UseDeviceProfile" domain=""
                 enableCrossAppRedirects="false">
            <credentials passwordFormat="SHA1" />
          </forms>
        </authentication>
        <!--
            The <customErrors> section enables configuration
            of what to do if/when an unhandled error occurs
            during the execution of a request. Specifically,
            it enables developers to configure html error pages
            to be displayed in place of an error stack trace.
            <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
              <error statusCode="403" redirect="NoAccess.htm" />
              <error statusCode="404" redirect="FileNotFound.htm" />
            </customErrors>
        -->
        <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
          <providers>
            <add name="AspNetActiveDirectoryMembershipProvider"
                 type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                 connectionStringName="LdapConnection"
                 connectionUsername="myemail@mydomain.com"
                 connectionPassword="mypass"
                 connectionProtection="None"
                 enableSearchMethods="true"/>
          </providers>
        </membership>
      </system.web>
    </configuration>

    This code will give me the error...

    This provider can target only Active Directory and ADAM directories.

    and my email/pass combo is the user's password; for example, this code works...

     

    using System.DirectoryServices;

    // Bind to the directory with the user's own credentials (ldapConn holds the LDAP:// path).
    DirectoryEntry entry = new DirectoryEntry(ldapConn, username, password, AuthenticationTypes.Delegation);
    DirectorySearcher mySearcher = new DirectorySearcher(entry);
    SearchResult results;
    // Note: username is concatenated into the filter unescaped; a value containing
    // LDAP filter metacharacters ( ) * \ should be escaped per RFC 4515 before use.
    mySearcher.Filter = "(mail=" + username + ")";
    results = mySearcher.FindOne();

     

    I've tried everything under the sun to try to get this to work: username as domain\user, or cn=yada, ou=yada, o=yada.

    My guess is that I don't know enough about the ActiveDirectoryMembershipProvider and more importantly active directory and ldap commands.

    But if I got the same code to work in the second example, why can't I get it with the same exact values on the first example?!?

    Wednesday, May 24, 2006 3:17 PM

All replies

  • User1354132231 posted
    What is your directory - ADAM or AD?  What is the format you are using in your code for the 'username' variable?
    Thursday, May 25, 2006 1:08 PM
  • User2092452305 posted

    It appears to be AD, even though I've never worked with ADAM, so I don't know the difference or what to look for.  Anyway, the formats I've tried are these:

    email@address.com

    (mail=email@address.com)

    cn=mail@address.com

    cn=mail

    email

    cn=mail, ou=address.com, o=domain

     

    Thanks in advance man!!

    Thursday, May 25, 2006 1:20 PM
  • User1354132231 posted
    If it is AD, then you should put no username or password in your config file and turn on 'connectionProtection' to secure.  Then, simply put your IIS 6 application into an application pool running under a domain service account and the ActiveDirectoryMembershipProvider should have access to AD to authenticate.

    There are some other options for the provider that allow you to specify what the attribute is that users will use to log in.  You should probably specify 'sAMAccountName'.  If you check MSDN there is a sample document out there that shows the standard settings.

    If, in fact, you are using ADAM then we will need to work on the config file more and there are a series of blog posts out there that can help get it configured.
    Thursday, May 25, 2006 1:32 PM
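    The membership section as the reply above describes it, written out as an added example (not posted by either participant). The host name dc01.example.com and the DC=example,DC=com naming context are placeholders in the form an AD domain uses; substitute your own domain controller and domain. The weak settings from the original question are shown in a comment beside the hardened ones so the differences are visible in one place.

    ```xml
    <configuration>
      <connectionStrings>
        <!-- Placeholder: an AD naming context is written with DC= components,
             e.g. the domain example.com is DC=example,DC=com. The provider
             accepts only Active Directory or ADAM targets. -->
        <add name="LdapConnection"
             connectionString="LDAP://dc01.example.com/DC=example,DC=com" />
      </connectionStrings>
      <system.web>
        <authentication mode="Forms">
          <forms loginUrl="login.aspx" defaultUrl="default.aspx" protection="All" />
        </authentication>
        <authorization>
          <deny users="?" />
          <allow users="*" />
        </authorization>
        <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
          <providers>
            <!--
              Original (weak) settings from the question, kept here only for contrast:
                connectionUsername="myemail@mydomain.com"
                connectionPassword="mypass"
                connectionProtection="None"
              Storing a directory account's password in web.config and talking to the
              directory without sign-and-seal or SSL is what the hardened block below avoids.
            -->
            <add name="AspNetActiveDirectoryMembershipProvider"
                 type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                 connectionStringName="LdapConnection"
                 connectionProtection="Secure"
                 attributeMapUsername="sAMAccountName"
                 enableSearchMethods="true"
                 maxInvalidPasswordAttempts="5"
                 passwordAttemptWindow="10" />
          </providers>
        </membership>
      </system.web>
    </configuration>
    ```

    With no connectionUsername/connectionPassword present, the provider binds as the worker process identity, so the IIS application pool must run under a domain account that is allowed to read the users it will authenticate; connectionProtection="Secure" makes the provider use SSL or sign-and-seal for that bind rather than a cleartext connection. attributeMapUsername="sAMAccountName" is the provider attribute the reply refers to: it makes the login form's user name match the directory's sAMAccountName rather than the default userPrincipalName. The two lockout attributes are optional hardening and not part of the reply.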