Re: Using login alias in Membership Provider

This is a great idea and seems like it would work if I were writing the
ASP.NET app, but I am just writing the provider. Can I reasonably expect
other apps to do this? In particular, will SharePoint 2007 apply this
logic?

"Dominick Baier" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:4580be63199eb8c8c813b4c2f93f@xxxxxxxxxxxxxxxxxxxxx
What you can do is to set the cookie manually, e.g.

if (Membership.ValidateUser(shortname, password)

MembershipUser user = Membership.GetUser(shortname)
FormsAuthentication.RedirectFromLoginPage(user.Username)

or with the Login control (control is called _login):

protected void _login_Authenticate(object sender, AuthenticateEventArgs e)
{
if (Membership.ValidateUser(_login.UserName, _login.Password)
{
MembershipUser user = Membership.GetUser(_login.UserName);

_login.UserName = user.UserName;
e.Authenticated = true;
}
}


---
Dominick Baier, DevelopMentor
http://www.leastprivilege.com

No, I am implementing my own membership provider for a fifferent
directory. Here again is my original questtion:

In implementing an ASP.NET Membership Provider, we can not figure out
how to supply the real user name (used in access control settings,
etc.) when users log in using just the short name.

"Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:yPDPR6b%23GHA.4432@xxxxxxxxxxxxxxxxxxxxxxxx

Thanks for your reply Stephen,

So are you using the AD membership provider currently? If so, AD
membership
provider only allow us to authenticate user in a single format only.
If
you're not authenticate user through AD membership provider, are you
using
custom provider or a extended membership provider derived from AD
memberhip
provider? As you said that
"Users have only one name ("John Smith/Acme") and that is the only
name that is ever used in access control lists, role membership
lists, etc."

Then, you should always use this name as the username to validate
through membership provider. In other words, you can not make the
membership provider know both "John Smith/Acme" and
"jsmith@xxxxxxxx", you must determine which schema to use. At least
the current built-in ActiveDirectory membership provider require
this.

Also, as for the ACL(Access Control List) you mentioned, are they
normal NTFS file ACL or AD object ACL? How will you use them in your
application?

If convenient, you can provide the membership & role manager specific
configuration in your application's web.config so that we can get a
clear view of it.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

This posting is provided "AS IS" with no warranties, and confers no
rights.





.

Relevant Pages

  • Re: Membership custom provider - logout function
    ... The custom membership provider should work against this security server. ... the data store does not generate a sessionID - the data store says yes/no to the credentials - and afterwards the login control creates something called an "authentication ticket" - this tickets get "attached" to the current request/response using either a cookie or query string mangling. ... You can configure the behaviour, lifetime, name etc. of that ticket using the config element. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: ActiveDirectory and user page Access
    ... User and role info is coming from Active directory ... This is a read-only provider that retrieves role information for a Windows ... together with both SQL and AD membership provider. ...
    (microsoft.public.vsnet.general)
  • Re: LDAP Authentication
    ... One of the things with the membership provider framework is that you don't actually have to implement every single interface member when building your provider. ... Most of the complexity stems from managing all that stuff and figuring out the LDAP details to make that work on your given directory platform. ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: validaing security using AD groups... in web.config
    ... you're using ASP.NET membership provider and want ... use AD groups for authorization in the application,correct? ... Microsoft MSDN Online Support Lead ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: membership provider
    ... the user only if the user exists in the DB then doing a redirect to the next ... When I stepped through the current app I noticed what he's doing just on the ... running 7 more queries to pull data and put into a user object then passing ... I think your login screen needs to use the custom provider.. ...
    (microsoft.public.dotnet.framework.aspnet)