Re: AD Login failure when using ActiveDirectoryMembershipProvider

hm.. Craig maybe what they mean is that if you want to use the process
identity to connect then use
<identity impersonate="true" /> with your username and passoword
Patrick


"Craig Wagner" <MSDNNospam207@xxxxxxxxxxxxx> wrote in message
news:537464B9-82F0-44AA-B217-B197973D7C55@xxxxxxxxxxxxxxxx
Here's my configuration:

- ASP.NET application
- Windows XP Pro running IIS
-Vdir is configured to allow anonymous access
- Anonymous access account is my domain account (for testing purposes it's
quicker and easier to do this than to try to get another domain account
set
up)
- Web application has impersonation turned on (i.e. <identity
impersonate="true" />)

My web.config contains:

<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
<providers>
<add name="AspNetActiveDirectoryMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider...
connectionStringName="ADService"
connectionProtection="Secure"
attributeMapUsername="sAMAccountName"
/>
</providers>
</membership>

With the above configuration, when I hit the following line of code I get
an
exception of "Logon failure: unknown user name or bad password."

Membership.ValidateUser( txtUsername.Text, txtPassword.Text );

If I change the web.config to the following, it works.

<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
<providers>
<add name="AspNetActiveDirectoryMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider...
connectionStringName="ADService"
connectionUsername="mydomainaccount"
connectionPassword="mydomainpassword"
connectionProtection="Secure"
attributeMapUsername="sAMAccountName"
/>
</providers>
</membership>

What has me baffled is that everything I've read says that if you don't
supply the connectionUsername and connectionPassword it will use the
process
identity to connect to AD. The process identity SHOULD be my domain
account,
because that's the anonymous access account and impersonation is turned
on,
and it obviously works when I use my domain account credentials.


.

Relevant Pages

  • Re: IIS 6 CreateObject premissions issue
    ... >> tier system so I am confident that running on Windows 2000 what I am ... >> What I am attempting is to add a Windows 2003 server box to function as ... However if it is set for anonymous access using the ... >> end boxes to specifically allow the Domain account I attempted to use as ...
    (microsoft.public.inetserver.iis.security)
  • RE: IUSER in MSCS
    ... Yes it is recommended that you use a Domain account for anonymous access on ... Restart IIS by running IISreset ... This posting is provided "AS IS" with no warranties, and confers no rights. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Annonymous account using domain account
    ... Well, after opened a case with M$, we can try using a vbscript to grab ... How To Set Up Duplicate Anonymous Accounts on Separate Servers ... > Some of the folders are using a domain account as anonymous access. ...
    (microsoft.public.inetserver.iis.security)
  • Permissions
    ... FileSystemObject within ASP to create and delete folders ... on a different server. ... Using Anonymous Access with a nominated domain account, ...
    (microsoft.public.inetserver.iis.security)
  • Re: Annonymous account using domain account
    ... Well, after opened a case with M$, we can try using a vbscript to grab ... How To Set Up Duplicate Anonymous Accounts on Separate Servers ... > Some of the folders are using a domain account as anonymous access. ...
    (microsoft.public.inetserver.iis)