Re: SSL ADAM and XP



Unfortunately I don't know anything useful about the AD membership provider
yet, so I'm not sure exactly what to tell you regarding how you want to use
it. It should be possible to find a way to augment user data in ADAM but use
a different source for the actual authentication. However, I'm guessing
you'll need to write your own provider to accomplish that. I don't think
any of the built-in providers allow for a split model like that.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Noremac" <Noremac@xxxxxxxxxxxxxxxxx> wrote in message
news:E5728932-154D-4072-AEF2-8B481F3DA5E6@xxxxxxxxxxxxxxxx
Hi Joe,

I think I am getting close.

The missing piece for the certificate setup for me was going into MMC and
adding a Certificates snap-in pointing to the ADAM instance service. Then I
added fabrikam to the Personal folder. I tested with ldp and confirmed it
connects.

Also, I found this relevant blog: http://www.oftedal.no/~erlend/?blogid=7.
Also, if you don't have a cert, look at this one:
http://blogs.msdn.com/cjacks/archive/2005/11/15/493122.aspx

The other piece of the puzzle that is missing for me is connecting through
the Membership provider in ASP.NET 2.0. With connectionProtection="Secure" it
complains with "Logon failure: unknown user name or bad password". It is
calling the exception a Configuration Error. The exception is only published
to the application event viewer through the generic ASP.NET 2.0 logging
handler. Nothing is reported to the Security Audit log nor the ADAM instance
log.

BTW, this happens when I call Membership.GetAllUsers();

I have no users in the ADAM so far.

We won't be using ADAM for authenticating users. The users will exist
through CardSpace or OpenID. We'll just be using ADAM as an account store to
augment those identities with some attributes we want (last visited, etc.).

So the idea is the Windows Identity of the ASPNET process (currently the
same one running the ADAM instance on my dev box) will connect to ADAM to
create and retrieve user objects. But is this the wrong idea? Do I need to
create an ADAM user object through LDP that will be the administrator and
then hard-code that username and password into web.config?

Noremac

"Joe Kaplan" wrote:

If you already have an SSL cert for fabrikam.com, you can use that for ADAM
(as long as you use the fabrikam.com DNS name to connect, not localhost).

For ADAM, you want to install the cert and private key into the store for the
service account running ADAM. If you do some Google searches, you'll find
more details.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Noremac" <Noremac@xxxxxxxxxxxxxxxxx> wrote in message
news:F3BA4B55-8725-4222-9CA1-1A651539C012@xxxxxxxxxxxxxxxx
I am going around in circles. Sorry for posting a question that may already
be answered.

I want to use the ADAM Membership Provider on my development Windows XP
machine using VS2005.

I have ADAM working on my local computer. I got it working through the
ASP.NET 2.0 RBAC article.

I set up web.config based on stuff I googled. But when I call this line:
MembershipUserCollection users = Membership.GetAllUsers(), I get the "Unable
to establish secure connection with the server using SSL".

I can only find references to getting SSL with W2K machines or disabling SSL
on XP machines. I want to have SSL work on XP.

I do have a fabrikam certificate from other samples I have on this machine.

These are the ldap connection strings I have tried that do not work:
LDAP://localhost:389/CN=AzManAdamStore,OU=SecNetPartition,O=SecNet,C=US
LDAP://localhost:636/CN=AzManAdamStore,OU=SecNetPartition,O=SecNet,C=US
LDAP://fabrikam.com:389/CN=AzManAdamStore,OU=SecNetPartition,O=SecNet,C=US
LDAP://fabrikam.com:636/CN=AzManAdamStore,OU=SecNetPartition,O=SecNet,C=US

Thanks!
Noremac
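The two failures discussed in this thread ("Unable to establish secure connection with the server using SSL" and, once the certificate was installed, "Logon failure: unknown user name or bad password") come from different layers of the same bind, and the provider collapses them into one Configuration Error. The console program below is an added example, not code from the thread or from Joe Kaplan's book; it reproduces the LDAPS bind the ActiveDirectoryMembershipProvider performs with connectionProtection="Secure" using System.DirectoryServices.Protocols (shipped with .NET 2.0), but with an explicit certificate check so that a name mismatch (connecting to localhost when the cert says fabrikam.com) or an untrusted issuer is reported separately from a rejected bind. It assumes the host, port and partition DN from the posts (fabrikam.com:636, CN=AzManAdamStore,OU=SecNetPartition,O=SecNet,C=US) and that the ADAM certificate was issued to fabrikam.com; the class and method names are the example's own.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Security.Cryptography.X509Certificates;

// Added example (not from the thread): reproduce the LDAPS bind that the
// membership provider does under connectionProtection="Secure", with the
// server certificate validated explicitly instead of silently.
// Assumptions: ADAM listens on fabrikam.com:636, its certificate was issued
// to "fabrikam.com", and the partition DN is the one from the posts.
class AdamSslBindCheck
{
    const string Host = "fabrikam.com";   // must match the cert subject; "localhost" will not
    const int SslPort = 636;
    const string PartitionDn = "CN=AzManAdamStore,OU=SecNetPartition,O=SecNet,C=US";

    // Runs during the TLS handshake, before any bind. Returning true unconditionally
    // (as some blog samples do) would hide exactly the problems we want to see.
    static bool ValidateAdamCertificate(LdapConnection connection, X509Certificate certificate)
    {
        X509Certificate2 cert = new X509Certificate2(certificate);

        // 1. Name check: the DNS name we connected to must be the one in the certificate.
        string certHost = cert.GetNameInfo(X509NameType.DnsName, false);
        if (!string.Equals(certHost, Host, StringComparison.OrdinalIgnoreCase))
        {
            Console.WriteLine("Certificate is for '{0}', but we connected to '{1}'.", certHost, Host);
            return false;
        }

        // 2. Chain check against the local trust stores. A sample/self-signed cert fails
        //    here until its issuer is imported into Trusted Root Certification Authorities.
        if (!cert.Verify())
        {
            Console.WriteLine("Certificate chain for '{0}' does not validate.", certHost);
            return false;
        }

        Console.WriteLine("Server certificate OK: {0} (thumbprint {1})", cert.Subject, cert.Thumbprint);
        return true;
    }

    static void Main(string[] args)
    {
        // fullyQualifiedDnsHostName=true: treat "fabrikam.com" as a host, not a domain to discover.
        LdapDirectoryIdentifier server = new LdapDirectoryIdentifier(Host, SslPort, true, false);

        using (LdapConnection conn = new LdapConnection(server))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true;              // LDAPS on 636, not StartTLS
            conn.SessionOptions.VerifyServerCertificate = ValidateAdamCertificate;

            // Phase 1: bind as the process identity, which is what the provider does when
            // web.config has no connectionUsername/connectionPassword. ADAM authenticates
            // Windows principals via Negotiate; what the account can then read depends on
            // the roles it was assigned in the instance.
            conn.AuthType = AuthType.Negotiate;
            try
            {
                conn.Bind();
                Console.WriteLine("Negotiate bind as {0} succeeded.", Environment.UserName);
            }
            catch (LdapException ex)
            {
                // Reaching this point means the TLS handshake and certificate check passed;
                // ErrorCode is the LDAP result code (49 = invalidCredentials).
                Console.WriteLine("Bind failed: LDAP error {0}: {1}", ex.ErrorCode, ex.Message);
                return;
            }

            // Phase 2: the kind of query Membership.GetAllUsers() issues, scoped to the partition.
            SearchRequest req = new SearchRequest(PartitionDn, "(objectClass=user)", SearchScope.Subtree, "cn");
            SearchResponse resp = (SearchResponse)conn.SendRequest(req);
            Console.WriteLine("{0} user object(s) under {1}", resp.Entries.Count, PartitionDn);
        }
    }
}
```

Run it under the same Windows account as the ASP.NET worker process (or with runas) so the Negotiate bind exercises the identity the provider will actually use. If the certificate callback prints a name mismatch, the fix is the connection string host name, not the provider; if the callback passes and Bind throws, the certificate setup is done and the remaining question is the one asked above, which identity the instance should authenticate.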