Re: ActiveDirectoryMembershipProvider & ValidateUser

---

• From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Mon, 26 Feb 2007 23:53:22 -0600

---

What happens if you change:

attributeMapUsername="sAMAccountName"

to:

attributeMapUsername="userPrincipalName"

And then try the user@domain format?

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Craig Wagner" <MSDNNospam207@xxxxxxxxxxxxx> wrote in message
news:E393E8F7-5F41-45C8-89F6-D2BB39001C57@xxxxxxxxxxxxxxxx

In all the documentation I've read, the default behavior for ValidateUser
on
the ActiveDirectoryMembershipProvider is that user names must be in
username@domain format.

My web.config contains:

<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
<providers>
<add name="AspNetActiveDirectoryMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider...
connectionStringName="ADService"
/>
</providers>
</membership>

I have tried calling ValidateUser with craig_wagner@xxxxxxxxxxxx,
stockamp\craig_wagner, and craig_wagner and all three return false,
indicating that my credentials are invalid.

When I change my web.config to the following then, as expected, I can use
craig_wagner and authenticate.

<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
<providers>
<add name="AspNetActiveDirectoryMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider...
connectionStringName="ADService"
attributeMapUsername="sAMAccountName"
/>
</providers>
</membership>

Any idea what I should look for to try to determine why the initial case
is
not authenticating with craig_wagner@xxxxxxxxxxxx?

.

---

• Prev by Date: Using Windows Authentication in ASP.NET - Adding properties to users
• Next by Date: Re: How to start/stop windows service on a remote machine?
• Previous by thread: Using Windows Authentication in ASP.NET - Adding properties to users
• Next by thread: Re: ActiveDirectoryMembershipProvider & ValidateUser
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: How to get the correct SID format so I can search with it? ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... The format just looks like this: ... a SID might look like in the LDAP world. ... (microsoft.public.platformsdk.security) Re: How to get the correct SID format so I can search with it? ... I got the domain sid in the SDDL format ... I convert the objectSid into a byteand append it to the domain sid, ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... (microsoft.public.platformsdk.security) Re: Getting windows user-name without domain name ... which will convert it to a different format. ... Parsing it out would be ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... (microsoft.public.dotnet.framework.aspnet.security) Re: Impersonating user ... authenticate them somehow? ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... However we want to impersonate the user. ... (microsoft.public.dotnet.framework.aspnet.security) Re: Web Single Sign On ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... current Windows credentials to the server, ... This common identity is the user's username used to logon to the ... (microsoft.public.dotnet.framework.aspnet.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.framework.aspnet.security  > 2007-02