I'm trying to develop a web application with Novell LDAP Authentication.
I have added in my form login.aspx the Login control and I have configured the web.config in this way:
<connectionStrings>
<add connectionString="LDAP://10.0.0.100:389/cn=admin,o=pippo" name="myConnectionString"/>
</connectionStrings>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880"/>
</authentication>
<membership defaultProvider="MyADMembershipProvider">
<providers>
<add name="MyADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider,
System.Web, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="myConnectionString"
port="389"
useSSL="false"
connectionProtection="None"
connectionUsername="cn=admin,o=pippo"
connectionPassword="admin"
enableSearchMethods="true"
/>
</providers>
</membership>
But when I click on the login button I receive this error:
"This provider can target only Active Directory and ADAM directories."
I noticed that if I enter a wrong password the error message changes to:
"Logon failure: unknown user name or bad password". So I think that in some way the application is connected with the LDAP server and communicates with it.
Now the questions...
Which kind of provider must I choose? Or how can I set up the ActiveDirectoryMembershipProvider in order to log in against Novell LDAP?
In other words, how can I develop LDAP authentication code to look up the user in Novell's LDAP?
Thanks to all in advance
Regards
You will need to create a custom membership provider. There's an example here:
http://forums.asp.net/t/970391.aspx/1
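The credential check that a custom provider's ValidateUser override could delegate to, as an added example that is not part of the original answer or the linked thread. The class name, host, LDAPS port 636, the inetOrgPerson/cn schema and the low-privilege lookup account are assumptions; only the `o=pippo` base comes from the question.

```csharp
using System.DirectoryServices.Protocols;
using System.Linq;
using System.Net;

public static class EdirectoryAuthenticator   // hypothetical helper name
{
    const string Host = "ldap.example.internal"; // assumed: directory host
    const int Port = 636;                        // assumed: LDAPS, not cleartext 389
    const string BaseDn = "o=pippo";             // tree root from the question
    // Returns true only if the directory accepts a bind as the user.
    public static bool Validate(string user, string password, NetworkCredential lookupAccount)
    {
        // A simple bind with an empty password can be accepted by the server as
        // an unauthenticated (anonymous) bind, so reject it up front.
        if (string.IsNullOrWhiteSpace(user) || string.IsNullOrEmpty(password)) return false;
        var server = new LdapDirectoryIdentifier(Host, Port);
        try
        {
            string userDn;
            using (var lookup = Connect(server, lookupAccount))
            {
                // Assumed schema: users are inetOrgPerson entries named by cn.
                var filter = "(&(objectClass=inetOrgPerson)(cn=" + EscapeFilter(user) + "))";
                var request = new SearchRequest(BaseDn, filter, SearchScope.Subtree, "cn");
                var response = (SearchResponse)lookup.SendRequest(request);
                if (response.Entries.Count != 1) return false; // unknown or ambiguous
                userDn = response.Entries[0].DistinguishedName;
            }
            // Bind as the user: the directory itself verifies the password.
            using (Connect(server, new NetworkCredential(userDn, password))) return true;
        }
        catch (DirectoryException) { return false; } // fail closed on any LDAP error
    }

    static LdapConnection Connect(LdapDirectoryIdentifier server, NetworkCredential credential)
    {
        var connection = new LdapConnection(server) { AuthType = AuthType.Basic };
        try
        {
            connection.SessionOptions.ProtocolVersion = 3;
            connection.SessionOptions.SecureSocketLayer = true; // protect the password in transit
            connection.Bind(credential);
            return connection;
        }
        catch { connection.Dispose(); throw; }
    }
    // RFC 4515 escaping so user input cannot change the search filter.
    static string EscapeFilter(string value) => string.Concat(value.Select(ch =>
        "\\*()\0".IndexOf(ch) >= 0 ? "\\" + ((int)ch).ToString("x2") : ch.ToString()));
}
```

The lookup account only needs read access to the user container, so the directory admin credentials do not have to live in web.config.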
Related
We are implementing a website in ASP.NET MVC4 which has to run on an intranet. We got a requirement for Windows authentication with Active Directory (LDAP). When I change the authentication mode from Forms to Windows, the application logs in automatically without an explicit username and password from the login page.
How can I achieve Windows authentication in which the logon page accepts the username and password and validates them?
Please let me know if there are any examples. Any help is much appreciated.
Thanks in advance
You could leave FormsAuthentication enabled and then add the following membership provider:
<connectionStrings>
<add name="ADConnectionString" connectionString="YOUR AD CONNECTION STRING" />
</connectionStrings>
and then:
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" />
</authentication>
<membership defaultProvider="MY_ADMembershipProvider">
<providers>
<clear />
<add name="MY_ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" />
</providers>
</membership>
</system.web>
The method you did already seems to be correct.
In Windows authentication, you will get logged in automatically if you try to load the page from the same machine. However, it will ask for the Windows credentials if you try to log in from a different machine.
I am trying to build a very basic website using ASP.NET to allow users to access the private information by logging into the company Active Directory. Any help is really appreciated.
You will want to set up configuration in the web.config file to tell the ASP.Net app to use forms authentication:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" cookieless="UseCookies" />
</authentication>
Then you will need to create a membership provider that will connect to AD for authentication. Fortunately Microsoft has provided an AD membership provider out of the box, so you can use that. If you set it as the defaultProvider, ASP.Net will automatically use it for authentication.
<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
<providers>
<add name="AspNetActiveDirectoryMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"
connectionUsername="domainName\administrator"
connectionPassword="password"/>
</providers>
</membership>
Finally, you will need to set up a connection string to connect to your domain controller:
<connectionStrings>
<add name="ADConnectionString" connectionString="LDAP://myCompany.com/DC=myCompany,DC=com"/>
</connectionStrings>
Look here for a good reference with more details.
I have set up a basic application which uses the ActiveDirectoryMembershipProvider to talk to our AD and authenticate users. It's a simple login page with the control which redirects me to a simple output of who is logged in and associated ticket information. This works great, and when I test it on my development machine it just works.
However, if I deploy this to the webserver under a virtual directory, it simply refuses to direct or even acknowledge that their ticket is a valid ticket; it just refreshes back to the login page. If I type in rubbish credentials it actually recognises this and tells me there's an error, but if I log in successfully it just refreshes the page. When I manually go to the information page it treats me as an unauthenticated user!
This is most puzzling! Any help would be greatly appreciated!
Thanks
Jon
As requested a section of the Web.config
<connectionStrings>
<add name="ActiveDirectory" connectionString="LDAP://x.x.x.117:389/OU=Users,DC=BC,DC=Local"/>
</connectionStrings>
<membership defaultProvider="ADMembershipProvider">
<providers>
<add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ActiveDirectory" connectionUsername="xxxxxx" connectionPassword="xxxxxxx" attributeMapUsername="sAMAccountName" applicationName="/"/>
</providers>
</membership>
Have you turned on impersonation in the web.config file? I believe there are some issues revolving around the membership provider that need impersonation to work properly.
<forms slidingExpiration="true" path="/Search" name=".ADAuthCookie" timeout="10"/>
It was also helpful to include a 'path' attribute!!!!
Jon
Very simple question actually:
I currently have IIS anonymous access disabled, users are automatically logged on using their Windows login. However calling User.IsInRole("Role name") returns false. I double-checked User.Identity.Name() and the "Role name" and it should return true.
I currently have this in my Web.Config:
UPDATE
I was calling User.IsInRole("Role name") where I should call User.IsInRole("DOMAIN\Role name")
However, I would still like to know if the <membership> entry is needed at all?
What should I change? (and is the <membership> entry needed at all?)
<authentication mode="Windows">
<forms
name=".ADAuthCookie"
timeout="10" />
</authentication>
<membership defaultProvider="ADMembershipProvider">
<providers>
<clear/>
<add
name="ADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"
connectionUsername="XXX\specialAdUser"
connectionPassword="xx"
/>
</providers>
</membership>
<roleManager enabled="true" defaultProvider="WindowsProvider">
<providers>
<clear />
<add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>
If you use Windows authentication IsInRole will work with no extra configuration, as long as you remember to prefix the role with the domain, i.e. DOMAIN\groupName.
In addition you can role (pun intended) your own and use Windows auth against, for example, a SQL Role Provider, where you don't want your AD littered with custom roles for your application.
So no, you don't need the provider configuration at all.
The membership provider here isn't going to help. The ActiveDirectoryMembershipProvider seems to best (only?) fit with Forms authentication.
BlogEngine.NET has an Active Directory role provider.
Pretty sure the only thing you need in there is the roleManager group (along with the base authentication mode='windows' setting)
Out of the box, there's no role provider to use Active Directory directly. You can use the role table in the ASP.NET membership- and role-system, or you can use Authorization Manager (AzMan).
There's an article on CodeProject which shows the implementation of a role provider which works against the Active Directory - with full source code. Maybe this helps?
Marc
I'm a little confused while trying to find out how ActiveDirectory and ASP.NET Membership work... I've created a new MVC project and removed the AccountController / Views. I've changed the Web.Config so that it uses ActiveDirectory and automatically authenticates users based on their current Windows login:
Web.Config
<authentication mode="Windows">
<forms
name=".ADAuthCookie"
timeout="10" />
</authentication>
<membership defaultProvider="MyADMembershipProvider">
<providers>
<clear/>
<add
name="MyADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"
connectionUsername="MYDOMAIN\myuser"
connectionPassword="xxx"
/>
</providers>
</membership>
This works nicely, as I can do the following to get the user's username:
User.Identity.Name() 'Gives MYDOMAIN\myuser
Looking at the following actually makes me confused:
Threading.Thread.CurrentPrincipal.Identity.Name() 'Gives MYDOMAIN\myuser
1. Shouldn't the thread identity be IUSR_WORKSTATION or ASPNET_WP username?
2. What's the difference between Authentication and Impersonation?
myuser is the Authenticated user on that application, that's why your CurrentPrincipal is giving you MYDOMAIN/myuser. The application impersonates IUSR_WORKSTATION when it uses resources like the database, and is a completely different issue.
If you go to Project on your toolbar, and select ASP.NET Configuration, it will open a website that lets you access these settings and create users, roles etc.