Re: Forms Authentication against ADAM
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 12 Sep 2006 14:04:16 -0500
Did you try setting the userPrincipalName attribute in ADAM? The user
schema included with ADAM has that attribute.
It is generally a good idea to avoid using the DN syntax, as that is a lot
for a user to remember and type in and reveals a lot about your directory
structure that they don't need to know.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"gely" <gely@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B49611C9-BA9E-4FC8-813E-851DC66F7576@xxxxxxxxxxxxxxxx
Using .NET 2.0
I need to be able to authenticate against an instance of ADAM from an
internet browser. At the moment, I am assuming forms based
authentication.
Here is what I have so far:
ADAM is installed on my local workstation (XP Pro).
The web site is on a server (Win2K3).
Using web based forms authentication:
- I can successfully authenticate to the active directory (domain) using
an
appropriate membership provider (web.config)
- I am able to TRY to authenticate to the ADAM instance using an
appropriately permissioned ADAM ID in the membership provider (web.config)
- I say "TRY" because no matter what User Name I use in the forms
authentication app (login.aspx) the result is the login form reporting an
unsuccessful login attempt.
- I am pretty sure I am hitting the correct connection because:
1. the connectionUsername (in the web.config membership provider)
is NOT a member of the domain
2. a good password (for the connectionUsername in the membership
provider) results in a login form message indicating a failed login
attempt
3. a bad password (for the connectionUsername in the membership
provider) results in an application error: "Logon failure: unknown user
name
or bad password"
Additional Information:
I believe my problem is a result of not using a correctly formatted name
when trying to authenticate against ADAM. According to the MSDN developer
article "How To Use Forms Authentication with Active Directory in ASP.NET
2.0" you have to use the UserName@DomainName formatting when the
attributeMapUsername is set to "userPrincipalName". (I tried using
attributeMapUsername="sAMAccountName" but received the application error
message: "The property 'attributeMapUsername' must be mapped to
'userPrincipalName'". Not sure what's up with that.)
So. assuming I have everything else in line at this point, my current
question is:
How does one format a UserName, for forms based authentication via ADAM,
to
use the userPrincipalName setting?
Example: How do I format my test user ID (CN=Test,OU=ADAM Users,O=HR,C=US)
to fit the UserName@DomainName formatting?
Also: Is there another (better?) way to do this?
- Thanks,
Geoff -
.
- Follow-Ups:
- Re: Forms Authentication against ADAM
- From: gely
- Re: Forms Authentication against ADAM
- Prev by Date: Re: ASP.NET Security
- Next by Date: Re: Forms Authentication against ADAM
- Previous by thread: Re: What LDAP Ports thru DMZ
- Next by thread: Re: Forms Authentication against ADAM
- Index(es):
Relevant Pages
|
|
