Re: SSL ADAM and XP
- From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 6 Sep 2006 19:35:04 +0000 (UTC)
Have a look at the profile feature in ASP.NET - that's what you really want. That said, there is no profile provider for ADAM and you have to write your own.
---
Dominick Baier, DevelopMentor
http://www.leastprivilege.com
Hi Joe,
I think I am getting close.
The missing piece for the certificate setup for me was going into MMC
and adding a Certificates SNAP-IN pointing to the ADAM Instance
Service. Then I added fabrikam to the Personal folder. I tested with
ldp and confirmed it connects.
Also, I found this relevant blog:
http://www.oftedal.no/~erlend/?blogid=7. Also, if you don't have a
cert, look at this one:
http://blogs.msdn.com/cjacks/archive/2005/11/15/493122.aspx
The other piece of the puzzle that is missing for me is connecting
through the Membership provider in ASP.NET 2.0. With
connectionProtection="Secure" it complains with "Logon failure:
unknown user name or bad password". It is calling the exception a
Configuration Error. The exception is only published to the
application event viewer through the generic ASP.NET 2.0 logging
handler. Nothing is reported to the Security Audit log nor the ADAM
instance log.
BTW, this happens when I call Membership.GetAllUsers();
I have no users in the ADAM so far.
We won't be using ADAM for authenticating users. The users will exist
through CardSpace or OpenId. We'll just be using ADAM as an account
store to augment those identities with some attributes we want (last
visited, etc.).
So the idea is the Windows Identity of the ASPNET process (currently
the same one running the ADAM instance on my dev box) will connect to
ADAM to create and retrieve user objects. But is this the wrong idea?
Do I need to create an ADAM user object through LDP that will be the
administrator and then hard-code that username and password into
web.config?
Noremac
"Joe Kaplan" wrote:
If you already have an SSL cert for fabrikam.com, you can use that
for ADAM (as long as you use the fabrikam.com DNS name to connect,
not localhost).
For ADAM, you want to install the cert and private key into the store
for the service account running ADAM. If you do some Google searches,
you'll find more details.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Noremac" <Noremac@xxxxxxxxxxxxxxxxx> wrote in message
news:F3BA4B55-8725-4222-9CA1-1A651539C012@xxxxxxxxxxxxxxxx
I am going around in circles. Sorry for posting a question that may
already be answered.
I want to use the ADAM Membership Provider on my development Windows
XP machine using VS2005.
I have ADAM working on my local computer. I got it working through
the ASP.NET 2.0 RBAC article.
I set up web.config based on stuff I googled. But when I call this
line:
MembershipUserCollection users = Membership.GetAllUsers(), I get the
"Unable to establish secure connection with the server using SSL".
I can only find references to getting SSL with W2K machines or
disabling SSL on XP machines. I want to have SSL work on XP.
I do have a fabrikam certificate from other samples I have on this
machine.
These are the ldap connection strings I have tried that do not work:
LDAP://localhost:389/CN=AzManAdamStore,OU=SecNetPartition,O=SecNet,C=US
LDAP://localhost:636/CN=AzManAdamStore,OU=SecNetPartition,O=SecNet,C=US
LDAP://fabrikam.com:389/CN=AzManAdamStore,OU=SecNetPartition,O=SecNet,C=US
LDAP://fabrikam.com:636/CN=AzManAdamStore,OU=SecNetPartition,O=SecNet,C=US
Thanks!
Noremac