Re: login control blues

I'm not an expert on encrypting the web.config, but the built in stuff in
ASP.NET 2.0 should be the way to go. You would need to read up on that or
ask someone else.

Ideally, you would be able to configure the provider to use the App Pool
identity in IIS for doing the queries to AD. If the server is domain joined
(it might not be), then the machine account for the server should have the
necessary permissions to execute the required LDAP queries.

If the machine is not domain joined, then you'll need plaintext creds and
will need to secure them somehow. I would think you would be able to use a
fixed service account instead of needing to use your personal domain creds.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
<ChandrikaHarathi@xxxxxxxxx> wrote in message
news:1190923945.951975.291660@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hello Joe,
I used the article you mentioned to initially create a test site:
I do not need pwdreset/unlock acct etc not remember pwd or create
acct.

Having account Lockout on default number of failed attempts should
work -- did not test this.

My above "template" works only if I use my domain credentials on the
providers connectionUsername and ConenctionPassword. I was given a
service account that does not work, it returns the login-control
error message. I will check with infrastructure gp about the service
acct.

How to secure the web.config?? I did see an encrypt procedure on msdn,
Is that the best way ?

As always: your advice is the best.
thanks,



.