I am trying to set up a custom ASP.NET membership provider to authenticate using LDAP and Apache DS. This is what my web.config entry looks like:
<membership defaultProvider="DefaultMembershipProvider">
  <providers>
    <add name="DefaultMembershipProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="ADConnectionString"
         connectionProtection="None"
         connectionUsername="uid=myid, O=this domain"
         connectionPassword="mypwd"
         attributeMapUsername="sAMAccountName"
         enableSearchMethods="True" />
  </providers>
</membership>
I am not having much luck here, probably owing to the fact that I have no idea what I am doing. I am hoping someone can at least verify I am headed in the right direction?
You can't use the ActiveDirectoryMembershipProvider for LDAP, it requires a real ActiveDirectory server. Unless Apache DS emulates AD, you won't be able to use this.
You're going to have to do a custom membership provider. There's a working example here:
http://forums.asp.net/t/970391.aspx/1
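As an added illustration (not code from the linked forum thread or from the posters above), here is a credential check that a custom provider's ValidateUser override could delegate to, using System.DirectoryServices.Protocols to bind against a generic LDAP server such as Apache DS. The class name, the constructor parameters and the assumption that users live at uid=<name> under a single base DN are hypothetical; the connection uses LDAPS rather than connectionProtection="None".

```csharp
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

// Hypothetical helper for a custom MembershipProvider.ValidateUser override.
public sealed class LdapCredentialValidator
{
    private readonly string _host;        // assumption: directory host name
    private readonly int _port;           // assumption: the server's LDAPS port
    private readonly string _userBaseDn;  // assumption: e.g. "ou=users,o=example"

    public LdapCredentialValidator(string host, int port, string userBaseDn)
    {
        _host = host; _port = port; _userBaseDn = userBaseDn;
    }

    // Escape an RDN value (RFC 4514) so a user name cannot change the DN structure.
    public static string EscapeDnValue(string value)
    {
        var sb = new StringBuilder();
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            bool edge = (i == 0 && (c == ' ' || c == '#')) || (i == value.Length - 1 && c == ' ');
            if (c == '\0') sb.Append("\\00");
            else if (edge || ",+\"\\<>;=".IndexOf(c) >= 0) sb.Append('\\').Append(c);
            else sb.Append(c);
        }
        return sb.ToString();
    }

    public bool Validate(string username, string password)
    {
        // A simple bind with an empty password is an "unauthenticated bind" that
        // many servers accept, so reject it before contacting the directory.
        if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password)) return false;

        string userDn = "uid=" + EscapeDnValue(username) + "," + _userBaseDn;
        using (var conn = new LdapConnection(new LdapDirectoryIdentifier(_host, _port)))
        {
            conn.AuthType = AuthType.Basic;               // simple bind with DN + password
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true; // password never crosses the wire in clear text
            conn.Credential = new NetworkCredential(userDn, password);
            try { conn.Bind(); return true; }
            catch (LdapException ex) when (ex.ErrorCode == 49) { return false; } // 49 = invalidCredentials
        }
    }
}
```

Any other LdapException (server unreachable, TLS failure) propagates to the caller, so an outage is not reported as a wrong password.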
Related
I am creating a dynamic web form application. It stores the users' data in another database (external server)
I know that there is aspnet_regsql.exe but I have no idea how to implement it on an external server.
(I also can't lose data from the existing database)
How can I force the default login system to check if my database has valid credentials in my Password and UserName columns?
Thanks in advance.
Membership using aspnet_regsql.exe has been obsoleted.
There are new ones -
Universal Providers
Simple Membership
ASP.NET Identity
Universal Providers will be the closest if you want to use the legacy Membership.
"It stores the users data in another database (external server) I know that there is aspnet_regsql.exe but i have no idea how to implement it on external server."
Yes, you can store the Membership's tables in another database. If so, you will need to have a separate connection string for the Membership.
<membership defaultProvider="DefaultMembershipProvider">
  <providers>
    <clear/>
    <add name="DefaultMembershipProvider" connectionStringName="MyConnection" ... />
  </providers>
</membership>
<roleManager enabled="true" cacheRolesInCookie="false"
             defaultProvider="DefaultRoleProvider">
  <providers>
    <clear/>
    <add name="DefaultRoleProvider" connectionStringName="MyConnection" ... />
  </providers>
</roleManager>
I would like to use mvc4 Simple membership provider. So I set up a new MVC4 internet application. Click Debug and I see that db and tables were created for me.
Is this all I need to do?
Some articles:
http://weblogs.asp.net/jgalloway/archive/2012/08/29/simplemembership-membership-providers-universal-providers-and-the-new-asp-net-4-5-web-forms-and-asp-net-mvc-4-templates.aspx
http://blog.longle.net/2012/09/25/seeding-users-and-roles-with-mvc4-simplemembershipprovider-simpleroleprovider-ef5-codefirst-and-custom-user-properties/
tell me to add
<membership defaultProvider >...
section. Is this necessary?
Also:
I can't get ASP.Net configuration tool to work. It says "An error was encountered. Please return to the previous page and try again. "
??
If you created a new MVC 4 web application using the Internet template it should have wired up SimpleMembership for basic log-on/log-off functionality. It should have already updated your web.config with the proper settings. It should have set up the membership and roles and they should look something like this.
<roleManager enabled="true" defaultProvider="SimpleRoleProvider">
  <providers>
    <clear/>
    <add name="SimpleRoleProvider" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData"/>
  </providers>
</roleManager>
<membership defaultProvider="SimpleMembershipProvider">
  <providers>
    <clear/>
    <add name="SimpleMembershipProvider" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData" />
  </providers>
</membership>
SimpleMembership does not use the ASP.NET Configuration Tool used with the traditional ASP.NET membership. You have to create your own web pages for managing roles and users.
The Internet template just creates the basic functionality for authentication and authorization in your application. But SimpleMembership is very extensible. For example, it is fairly easy to customize what type of information you want to capture in the user profile or set up email confirmation of new users.
I have set up my MVC application already to use the Membership provider along with AD.
I am able to login and see details about users and such.
My next step is to implement some sort of SSO with my SharePoint 2010 application. From what I understand, Claims-Based authentication may be a good approach for my situation. Both my MVC app and the SharePoint app will be hosted on the same domain if this helps with the question.
I have set up a Claims-Based SharePoint application, so I'm assuming I need to find out how to let SharePoint know that the user has logged into my MVC app so they don't need to log in again, which is where ADFS might come into play.
Does anybody have any experience with this topic? If so, are there any resources available to look at for research?
I have found that Active Directory already supports multi-tenancy within a domain.
Make certain that the applicationName setting in your web.config is the same for your SharePoint and MVC apps.
<membership>
  <providers>
    <clear/>
    <add
      name="MyADMembershipProvider"
      type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
      connectionStringName="ADConnectionString"
      .......
      applicationName="/"
    />
  </providers>
</membership>
I'm trying to evaluate AzMan for one of my ASP.NET applications but I have a strange problem. My test application expects three roles:
User
Owner
Admin
I created an XML authorization store located in the application's App_Data and added these role definitions. I configured my test ASP.NET application to use AuthorizationStoreRoleProvider and I added some test code which uses Principal.IsInRole and PrincipalPermission. Everything worked well on my local computer with local accounts assigned to roles in AzMan.
Then I moved my test application to the server and I assigned Active Directory users and groups to AzMan's roles. Now PrincipalPermission and Principal.IsInRole don't work any more. Interestingly, if I assign the built-in Everyone group to any role it works, so there is some problem with AD users and groups assigned to roles. Can I use an XML authorization store with AD groups and users? What else can cause such problems?
Check the security settings on your asp.net application.
It sounds like anonymous authentication is on, so your users are coming in as anonymous users, not themselves, therefore it works for the Everyone group.
<roleManager enabled="true"
             cacheRolesInCookie="false"
             cookieName=".ASPXROLES"
             cookieTimeout="30"
             cookiePath="/"
             cookieRequireSSL="false"
             cookieSlidingExpiration="true"
             cookieProtection="All"
             defaultProvider="AspNetWindowsTokenRoleProvider"
             createPersistentCookie="false"
             maxCachedResults="25">
  <providers>
    <clear/>
    <add applicationName="/" name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
  </providers>
</roleManager>
Very simple question actually:
I currently have IIS anonymous access disabled, users are automatically logged on using their Windows login. However calling User.IsInRole("Role name") returns false. I double-checked User.Identity.Name() and the "Role name" and it should return true.
I currently have this in my Web.Config:
UPDATE
I was calling User.IsInRole("Role name") where I should call User.IsInRole("DOMAIN\Role name")
However, I would still like to know if the <membership> entry is needed at all?
What should I change? (and is the <membership> entry needed at all?)
<authentication mode="Windows">
  <forms
    name=".ADAuthCookie"
    timeout="10" />
</authentication>
<membership defaultProvider="ADMembershipProvider">
  <providers>
    <clear/>
    <add
      name="ADMembershipProvider"
      type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
      connectionStringName="ADConnectionString"
      connectionUsername="XXX\specialAdUser"
      connectionPassword="xx"
    />
  </providers>
</membership>
<roleManager enabled="true" defaultProvider="WindowsProvider">
  <providers>
    <clear />
    <add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider" />
  </providers>
</roleManager>
If you use Windows authentication IsInRole will work with no extra configuration, as long as you remember to prefix the role with the domain, i.e. DOMAIN\groupName.
In addition you can role (pun intended) your own and use Windows auth against, for example, a SQL Role Provider, where you don't want your AD littered with custom roles for your application.
So no, you don't need the provider configuration at all.
The membership provider here isn't going to help. The ActiveDirectoryMembershipProvider seems to best (only?) fit with Forms authentication.
BlogEngine.NET has an Active Directory role provider.
Pretty sure the only thing you need in there is the roleManager group (along with the base authentication mode='windows' setting)
Out of the box, there's no role provider to use Active Directory directly. You can use the role table in the ASP.NET membership- and role-system, or you can use Authorization Manager (AzMan).
There's an article on CodeProject which shows the implementation of a role provider which works against the Active Directory - with full source code. Maybe this helps?
Marc
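The two IsInRole threads above come down to the same two checks: whether the request is authenticated at all (the AzMan answer about anonymous access) and what the exact DOMAIN\group names on the Windows token are (the DOMAIN\Role name answers). The following diagnostic is an added example, not code from any of the posters; the class and method names are hypothetical.

```csharp
using System.Collections.Generic;
using System.Security.Principal;

// Hypothetical diagnostic: reports who the request runs as and which role
// strings IsInRole accepts for that principal.
public static class RoleDiagnostics
{
    public static IList<string> Describe(IPrincipal user)
    {
        var lines = new List<string>();
        IIdentity id = user == null ? null : user.Identity;

        // Anonymous access enabled in IIS shows up here: no authenticated identity,
        // so checks against specific AD users and groups cannot succeed.
        if (id == null || !id.IsAuthenticated)
        {
            lines.Add("Request is not authenticated (anonymous).");
            return lines;
        }
        lines.Add("Name=" + id.Name + " AuthenticationType=" + id.AuthenticationType);

        var win = id as WindowsIdentity;
        if (win == null || win.Groups == null)
        {
            lines.Add("Not a Windows identity: roles come from the configured role provider.");
            return lines;
        }

        foreach (IdentityReference sid in win.Groups)
        {
            try
            {
                // Translates the group SID to the DOMAIN\group form IsInRole expects.
                string name = sid.Translate(typeof(NTAccount)).Value;
                lines.Add(name + " -> IsInRole=" + user.IsInRole(name));
            }
            catch (IdentityNotMappedException)
            {
                lines.Add(sid.Value + " (SID could not be resolved to a name)");
            }
        }
        return lines;
    }
}
```

Call it with HttpContext.Current.User and write the result to a server-side log rather than to the response, since it lists the caller's group memberships.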