Re: MembershipProvider and ADAM

Thank you Steven,
I'll have a look at what you sent.

-Martin

"Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:LokoXAyyGHA.4220@xxxxxxxxxxxxxxxxxxxxxxxx
Hello Martin,

As for the following error you encountered when using the AD membership
provider.

====================
"Unable to establish secure connection with the server using SSL."
====================

Since I'm not sure about your local AD environment, assume that the LDAP
connectionstring has no problem. Based on my research, it is likely the AD
membership provider has choosed to use SSL connection to access AD server.
And this is done when we configured the AD membership provider's
"connectionProtetion" as "secured". However, from the configuration
section you pasted, you've already set the "connectionProtection" as
"None".

Another one I found in your configuration fragement is that you haven't
explicitly provide the "connectionUsername" and "connectionPassword" in
the
provider element, based on my research, the username/password is required
when we use "connectionProtection="None"". You can have a look at the
following article which has mentioned the AD connectionstring and provider
configuration:


#How To: Use Membership in ASP.NET 2.0
http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000022.asp?frame=tr
ue

I've tried both connectionProtection with "Secure" and "None" and both of
them work correctly. e.g.

========================
<add name="ADAMMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider,
System.Web, Version=2.0.0.0,
Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"
enableSearchMethods="true"
connectionProtection="None"

connectionUsername="username"
connectionPassword="password"

</add>
==============================

or

====================
<add name="ADAMMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider,
System.Web, Version=2.0.0.0,
Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"
enableSearchMethods="true"
connectionProtection="Secure"

connectionUsername="stcheng@xxxxxxxxxxxxxxxxxxxxxxxxxx"
connectionPassword="sc@1982!!1"

</add>
=======================


BTW, have you also tried using the connectionstring to the remote AD users
store in your environment:

LDAP://domain.testing.com/CN=Users,DC=domain,DC=testing,DC=com

as mentioned in the above article to see whether it works.

Here are some other articles which has described using ASP.NET 2.0
membership/ role management service:


#ASP.NET 2.0 Membership, Roles, Forms Authentication, and Security
Resources
http://weblogs.asp.net/scottgu/archive/2006/02/24/ASP.NET-2.0-Membership_2C0
0_-Roles_2C00_-Forms-Authentication_2C00_-and-Security-Resources-.aspx

Please feel free to let me know if you have any further finding.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================



This posting is provided "AS IS" with no warranties, and confers no
rights.




.

Relevant Pages

  • Re: Defining Groups with AD users
    ... For ASP.NET authentication and role based authorization, ... you can configure the membership to use AD ... membership provider and Rolemanager to use SQL server provider. ... Microsoft MSDN Online Support Lead ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: MembershipProvider and ADAM
    ... membership provider has choosed to use SSL connection to access AD server. ... following article which has mentioned the AD connectionstring and provider ... Microsoft MSDN Online Support Lead ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • programmatic database access
    ... I will use this class to do the gruntwork for a custom membership ... Second I need help with the programmatic access of the database. ... provider when it appears in the web.config membership provider tag. ... static string to hold the connectionString for the connection setup. ...
    (microsoft.public.dotnet.languages.csharp)
  • RE: Different password policies for different roles
    ... As you have found, by default, each ASP.NET membership provider has a set ... password related policy to the loosest level. ... Microsoft MSDN Online Support Lead ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Defining Groups with AD users
    ... For ASP.NET authentication and role based authorization, ... you can configure the membership to use AD ... membership provider and Rolemanager to use SQL server provider. ... Microsoft MSDN Online Support Lead ...
    (microsoft.public.dotnet.framework.aspnet.security)