Re: LDAP Authentication

One of the things with the membership provider framework is that you don't actually have to implement every single interface member when building your provider. You only really need to implement the members that correspond to the features you need. If all you need are the members for checking credentials, you don't need to build the methods that write new users, reset passwords or look people up for directory searches and such.

The key will be focusing in on the algorithm used to implement the LDAP authentication. Normally, the core of this is a bind operation. In many directories, you also must perform some sort of name translation prior to the bind. This is because the bind may require that the username be submitted as its full "distinguished name", yet most users don't know this name and it is too long to type anyway, so they supply some sort of short name. You frequently need to look up the DN based on the short name, but will need a service account with permissions to perform this query in order to do so. Most of the complexity stems from managing all that stuff and figuring out the LDAP details to make that work on your given directory platform.

I'm sure there are some docs out there that have algorithmic descriptions of how to implement LDAP auth on Sun One that can be applied to the .NET LDAP APIs as needed.

Best of luck!

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"Hutty" <Hutty@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:02C9F661-C047-4D7E-831C-1BBF84F1D339@xxxxxxxxxxxxxxxx
Thanks Joe for your responses. Not exactly what I was hoping to hear, but did
shed some light on the problem at hand. Building my own directory sounds like
the best course of action. Hopefully that will be straightforward.

Regards,
--
Hutty


"Joe Kaplan" wrote:

The web server you are running this on shouldn't matter. What matters is
the backend LDAP store you are trying to use. In your case, the store is
not supported.

The membership provider framework is extensible, so you could write your own
LDAP auth membership provider that is coded to work with Sun One. You could
use S.DS.Protocols for this which is a lower level, less "MS-specific" LDAP
API.

You can use a tool like reflector to reverse engineer the existing provider
to see how it works.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"Hutty" <Hutty@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A55F761D-15A9-4254-B698-282200C4206A@xxxxxxxxxxxxxxxx
> Thanks for the reply Joe.
>
> Actually, I am trying to connect using Visual Web Studio 2008. Do I need
> to ask for permission to connect using this provider?
>
> If I can't connect using this method, what are my alternatives?
>
> Thanks
> --
> Hutty
>
>
> "Joe Kaplan" wrote:
>
>> I think it is exactly as it says. The provider is specifically designed
>> only for AD and ADAM. You mentioned you had Sun One.
>>
>> Are you asking how it is that the provider can tell your directory is not
>> AD or ADAM?
>>
>> --
>> Joe Kaplan-MS MVP Directory Services Programming
>> Co-author of "The .NET Developer's Guide to Directory Services
>> Programming"
>> http://www.directoryprogramming.net
>> "Hutty" <Hutty@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:66A1AD76-FD58-4139-97C6-14BD9CD5425E@xxxxxxxxxxxxxxxx
>> > Hi,
>> >
>> > I am trying to authenticate user and password against Sun One LDAP. I
>> > am getting the following message when trying to connect:
>> >
>> > This provider can target only Active Directory and ADAM directories
>> >
>> > Any ideas why I am getting this message?
>> > Here's my connecting info:
>> >
>> > <add name="ADConnectionString"
>> > connectionString="LDAP://ldap-r.hutty.edu:123/ou=people,dc=hutty,dc=edu"/>
>> >
>> > connectionStringName="ADConnectionString"
>> > connectionUsername="cn=user1,ou=roles,dc=hutty,dc=edu"
>> > connectionPassword="password"/>
>> >
>> > Thanks
>> >
>> >
>> > --
>> > Hutty
>>
>>
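The two-step algorithm Joe describes above (bind with a service account, translate the short name into the user's DN, then bind as that DN with the password the user typed), written as an added C# example against System.DirectoryServices.Protocols. This is not code from the thread, from the existing AD provider, or from Joe's book. The host, port, base DN, attribute name and service account are placeholders modelled on the connection string quoted in the thread; the class is what a custom MembershipProvider's ValidateUser would call, with the other provider members left unimplemented (throwing NotSupportedException) as the first paragraph of the reply suggests.

```csharp
// Added example: short-name-to-DN lookup followed by a user bind, on S.DS.Protocols.
// All connection values below are placeholders; substitute your own directory's.
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

public sealed class LdapCredentialChecker
{
    private readonly string _host;
    private readonly int _port;
    private readonly bool _useSsl;
    private readonly string _baseDn;
    private readonly string _uidAttribute;          // "uid" on Sun One; "sAMAccountName" on AD
    private readonly NetworkCredential _serviceAccount;

    public LdapCredentialChecker(string host, int port, bool useSsl, string baseDn,
                                 string uidAttribute, string serviceDn, string servicePassword)
    {
        _host = host; _port = port; _useSsl = useSsl; _baseDn = baseDn;
        _uidAttribute = uidAttribute;
        _serviceAccount = new NetworkCredential(serviceDn, servicePassword);
    }

    // This is what a custom MembershipProvider.ValidateUser would delegate to.
    public bool ValidateUser(string username, string password)
    {
        // A simple bind with a DN and an empty password is an "unauthenticated" bind
        // (RFC 4513 section 5.1.2), which many servers treat as anonymous and accept.
        // Refuse it here so it never reaches the directory.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return false;

        try
        {
            string dn = FindDistinguishedName(username);   // step 1: name translation
            if (dn == null)
                return false;

            using (LdapConnection conn = Connect())        // step 2: the real credential check
            {
                conn.Bind(new NetworkCredential(dn, password));
                return true;
            }
        }
        catch (DirectoryException)
        {
            // Invalid credentials (result 49), a locked account, a search that hit a
            // server limit, or a connection failure all land here; none is a login.
            return false;
        }
    }

    // Look up the full DN for the short name, using the service account's read access.
    private string FindDistinguishedName(string username)
    {
        string filter = "(" + _uidAttribute + "=" + EscapeFilterValue(username) + ")";
        using (LdapConnection conn = Connect())
        {
            conn.Bind(_serviceAccount);
            // "1.1" (RFC 4511) asks for no attributes; only the entry's DN is needed.
            SearchRequest request = new SearchRequest(_baseDn, filter, SearchScope.Subtree, "1.1");
            SearchResponse response = (SearchResponse)conn.SendRequest(request);
            // Exactly one match is a user; zero is unknown, two or more is ambiguous.
            if (response.Entries.Count != 1)
                return null;
            return response.Entries[0].DistinguishedName;
        }
    }

    private LdapConnection Connect()
    {
        LdapConnection conn = new LdapConnection(new LdapDirectoryIdentifier(_host, _port));
        conn.AuthType = AuthType.Basic;                   // simple bind: the password is sent as-is...
        conn.SessionOptions.ProtocolVersion = 3;
        conn.SessionOptions.SecureSocketLayer = _useSsl;  // ...so only do it inside TLS (LDAPS)
        return conn;
    }

    // RFC 4515 escaping: characters such as '*', '(' and ')' in a typed username
    // must be data in the filter, not filter syntax.
    private static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }
}

public static class Program
{
    public static void Main()
    {
        // Placeholder values modelled on the connection string quoted in the thread.
        LdapCredentialChecker checker = new LdapCredentialChecker(
            "ldap-r.hutty.edu", 636, true, "ou=people,dc=hutty,dc=edu", "uid",
            "cn=user1,ou=roles,dc=hutty,dc=edu", "<service-account-password>");
        Console.WriteLine(checker.ValidateUser("jdoe", "<typed-password>") ? "ok" : "rejected");
    }
}
```

Two checks in this example are the ones to look for when reviewing any hand-written LDAP login: the empty-password refusal (otherwise a blank password binds anonymously and the method returns true) and the filter escaping on the short name (otherwise the typed name can change which entry the search matches). The service account needs only read access to the user subtree; it is never used to bind as the end user, whose own bind is what proves the password.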
