How to use ASP.NET authentication with active directory? - asp.net

I have my config setup like below:
<configuration>
<connectionStrings>
<add name="ADConnectionString" connectionString="LDAP://myldap/CN=Users,DC=nevco,DC=local"/>
</connectionStrings>
<system.web>
<authentication mode="Forms">
<forms name=".ADAuthCookie" timeout="10" loginUrl="Login.aspx" defaultUrl="Default.aspx" />
</authentication>
<membership defaultProvider="DomainLoginMembershipProvider">
<providers>
<clear/>
<add name="DomainLoginMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" />
</providers>
</membership>
</system.web>
</configuration>
I can attempt to log on but every time it says I am using the incorrect username/password. Does it look like I am doing anything wrong above? Is there any way for me to find more information on why it's not finding my username/pass?
UPDATE:
Do I need to provide a Username and Password in my membership/providers section?

Ok, I ended up using an LDAP browser to examine the structure. After a little fudging around I changed my LDAP url to this:
LDAP://myldap/DC=nevco,DC=local
And it started working. Hope this helps someone!
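The change above widens the search base from the CN=Users container to the whole domain, which is the fix you would expect when the account sits outside CN=Users. The following added example (not part of the original post) checks offline whether a distinguished name copied from an LDAP browser falls under the base named in the connection string. The user DN is constructed for illustration, and the class and method names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

static class SearchBaseCheck
{
    // Splits a DN into RDNs on commas that are not backslash-escaped.
    static List<string> SplitDn(string dn)
    {
        var parts = new List<string>();
        var current = new StringBuilder();
        for (int i = 0; i < dn.Length; i++)
        {
            if (dn[i] == '\\' && i + 1 < dn.Length) { current.Append(dn[i]).Append(dn[i + 1]); i++; }
            else if (dn[i] == ',') { parts.Add(current.ToString().Trim()); current.Clear(); }
            else current.Append(dn[i]);
        }
        parts.Add(current.ToString().Trim());
        return parts;
    }

    // Extracts the base DN from "LDAP://server/base-dn" ("" if none is given).
    static string BaseDnOf(string ldapUrl)
    {
        int host = ldapUrl.IndexOf("://", StringComparison.Ordinal);
        int slash = host < 0 ? -1 : ldapUrl.IndexOf('/', host + 3);
        return slash < 0 ? "" : ldapUrl.Substring(slash + 1);
    }

    // True when userDn sits at or below the container named in ldapUrl.
    static bool IsInScope(string ldapUrl, string userDn)
    {
        string baseDn = BaseDnOf(ldapUrl);
        if (baseDn.Length == 0) return true;           // no container: whole directory
        List<string> baseRdns = SplitDn(baseDn), userRdns = SplitDn(userDn);
        if (baseRdns.Count > userRdns.Count) return false;
        int offset = userRdns.Count - baseRdns.Count;  // compare the trailing RDNs
        for (int i = 0; i < baseRdns.Count; i++)
            if (!string.Equals(baseRdns[i], userRdns[offset + i], StringComparison.OrdinalIgnoreCase))
                return false;
        return true;
    }

    static void Main()
    {
        // Constructed sample: an account kept in an OU instead of CN=Users.
        string userDn = "CN=Jane Doe,OU=Staff,DC=nevco,DC=local";
        Console.WriteLine(IsInScope("LDAP://myldap/CN=Users,DC=nevco,DC=local", userDn)); // False
        Console.WriteLine(IsInScope("LDAP://myldap/DC=nevco,DC=local", userDn));          // True
    }
}
```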

Why make the user log in at all?
Try this provider
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" />
you can then do something to see if they are authorized Roles.
Roles.IsUserInRole("someGroupInAd")
Your web site would have to be set up with Integrated Windows Authentication in IIS.

Related

Untrusted domain error when using membership

I'm trying to develop an ASP.NET website which has registration and login functions. To do this, I'm using Membership by following this guide:
http://msdn.microsoft.com/en-us/library/ff648345.aspx
I've run Aspnet_regsql.exe and set up the database, and also changed my Web.config file to reflect this:
<connectionStrings>
<add name="MsSqlConnection" connectionString="Data Source=fostvm;Initial Catalog=db_74;User ID=user74;password=mypassword;Integrated Security=SSPI;" />
</connectionStrings>
<authentication mode="Forms">
<forms loginUrl="Account/Login.aspx"
protection="All"
timeout="30"
name="AppNameCookie"
path="/FormsAuth"
requireSSL="false"
slidingExpiration="true"
defaultUrl="default.aspx"
cookieless="UseCookies"
enableCrossAppRedirects="false" />
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
<providers>
<clear />
<add
name="SqlProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="MsSqlConnection"
applicationName="WebSite10"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
requiresUniqueEmail="true"
passwordFormat="Hashed" />
</providers>
</membership>
I don't get any errors while loading the log in or registration page, but when I try to log in with dummy account data I get this error thrown:
Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
I've Googled it and found loads of threads from different forums and blogs but no solutions have worked.
Is there any glaring error in my config that I've missed?
Thanks.
My guess would be that in your connection string you have:
Data Source=fostvm;Initial Catalog=db_74;User ID=user74;password=mypassword;Integrated Security=SSPI;
And can someone correct me, that when you have Integrated Security=SSPI specified, the User ID and password are ignored and Windows authentication will be used? In this case most likely it would be the Application Pool account, or maybe even IUSR_Account, for anonymous access, which may not have permissions to your database.
So to sum it up - try to remove the Integrated Security=SSPI from connection string, or replace it with Integrated Security=false
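To see how SqlClient reads such a string, the following added example (not part of the original answer) parses it with `SqlConnectionStringBuilder` and reports which authentication mode takes effect. When Integrated Security is enabled, SqlClient ignores User ID and Password. The class and method names are hypothetical; the sample strings are the one from the question and the variant the answer suggests.

```csharp
using System;
using System.Data.SqlClient;

static class ConnectionStringCheck
{
    // Describes how SqlClient will authenticate for a given connection string.
    // The password itself is never echoed.
    static string Describe(string connectionString)
    {
        var b = new SqlConnectionStringBuilder(connectionString);
        bool hasSqlLogin = !string.IsNullOrEmpty(b.UserID) || !string.IsNullOrEmpty(b.Password);

        if (b.IntegratedSecurity && hasSqlLogin)
            return "CONFLICT: Integrated Security is on, so User ID/Password are ignored; " +
                   "the connection uses the Windows identity of the worker process";
        if (b.IntegratedSecurity)
            return "Windows authentication (identity of the worker process)";
        if (hasSqlLogin)
            return "SQL Server authentication as '" + b.UserID + "'";
        return "Neither SQL credentials nor Integrated Security: the login will fail";
    }

    static void Main()
    {
        string[][] samples =
        {
            new[] { "as posted",
                    "Data Source=fostvm;Initial Catalog=db_74;User ID=user74;password=mypassword;Integrated Security=SSPI;" },
            new[] { "as suggested",
                    "Data Source=fostvm;Initial Catalog=db_74;User ID=user74;password=mypassword;Integrated Security=false;" },
        };
        foreach (string[] s in samples)
            Console.WriteLine("{0}: {1}", s[0], Describe(s[1]));
    }
}
```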

error on website administration tool with security tab

Hello, I found an error when I am working with the ASP.NET web administration tool security tab, and I am using the sqlProvider as the default provider.
There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store.
The following message may help in diagnosing the problem: An error occurred while attempting to initialize a System.Data.SqlClient.SqlConnection object. The value that was provided for the connection string may be wrong, or it may contain an invalid syntax. Parameter name: connectionString
Do you have a <connectionStrings /> element in your web.config file? You need this to be able to connect to your MembershipProvider and RoleProvider.
Here are the necessary elements you'll need to utilize the SqlMembershipProvider and the SqlRoleProvider.
Notice that there are the following sections:
<connectionStrings />
<membership /> (in the <system.web /> section)
<roleManager /> (in the <system.web /> section)
web.config
<configuration>
<connectionStrings>
<add name="YourConnectionString"
providerName="System.Data.SqlClient"
connectionString="data source=YOURSERVER;initial catalog=YOURDB;user id=YOURINSTANCELOGIN;password=YOURPASSWORD;"/>
</connectionStrings>
<system.web>
<membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="15">
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="YourConnectionString"
applicationName="YourApplicationName"/>
</providers>
</membership>
<roleManager
enabled="true"
defaultProvider="AspNetSqlRoleProvider">
<providers>
<clear />
<add
connectionStringName="YourConnectionString"
applicationName="YourApplicationName"
name="AspNetSqlRoleProvider"
type="System.Web.Security.SqlRoleProvider" />
</providers>
</roleManager>
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
</system.web>
</configuration>

How to use different auth methods in ASP.NET MVC3?

I have to create a site that uses the Active Directory from another server to authenticate the user. First my page should try to authenticate the user automatically with his Windows login, and if this doesn't succeed it should ask him with a form for username/pw.
This is what I have so far in my Web.config, just a few code snippets. The web wasn't as helpful as I hoped :-(
<connectionStrings>
<add name="ADConnectionString" connectionString="LDAP://testdomain.test.com/CN=Users,DC=testdomain,DC=test,DC=com" />
</connectionStrings>
<membership defaultProvider="MyADMembershipProvider">
<providers>
<add
name="MyADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"
connectionUsername="testdomain\administrator"
connectionPassword="password"/>
</providers>
</membership>
<system.web>
<authentication mode="Windows" />
<authorization>
<deny users="?"/>
</authorization>
</system.web>
There is a very good article on mixing two authentication schemes here. Also see related question here

How to create default users in Web.config for Membership

How can I add default users in my web.config to test my asp:Login control?
Thanks
I was wrong wrong wrong in my initial answer. You can set default users in Web.config if you do some simple authentication by yourself, but it doesn't seem to work when you are using the Login control.
I did some research, and it seems that, if you use the Login control, you can't set default users in Web.config and you have no way but setting a provider (as in a database) to store users credentials.
You can follow this tutorial from MSDN to configure what database to use:
Configuring an ASP.NET Application to Use Membership
The Web.config stuff:
<configuration>
<connectionStrings>
<add name="MySqlConnection" connectionString="Data Source=MySqlServer;Initial Catalog=aspnetdb;Integrated Security=SSPI;" />
</connectionStrings>
<system.web>
<authentication mode="Forms" >
<forms loginUrl="login.aspx"
name=".ASPXFORMSAUTH" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
<providers>
<clear />
<add
name="SqlProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="MySqlConnection"
applicationName="MyApplication"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
requiresUniqueEmail="true"
passwordFormat="Hashed" />
</providers>
</membership>
</system.web>
</configuration>

Asp.net, Active Directory authentication not working

I'm having trouble getting AD authentication working on my website. I have the following test code that works fine:
DirectoryEntry entry = new DirectoryEntry(srvr, usr, pwd);
object nativeObject = entry.NativeObject;
On my website I get an error "Your login attempt was not successful. Please try again.". I really haven't been able to figure out what's the underlying error in the process that prevents the login.
Here are the sections in my web.config:
<authentication mode="Forms">
<forms loginUrl="Default.aspx"
timeout="30"
name=".ADAuthCookie"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="Edit.aspx"
cookieless="UseCookies"
enableCrossAppRedirects="false"/>
</authentication>
<authorization>
<allow users="*"/>
</authorization>
<membership defaultProvider="MyADMembershipProvider">
<providers>
<add name="MyADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADAuthConnection"
applicationName="/"
connectionProtection="Secure"
enableSearchMethods="true"
connectionUsername="company\usr"
connectionPassword="pwd"/>
</providers>
</membership>
Shouldn't this be all that is required? I don't plan to use profile so I haven't configured ProfileProvider, could this cause the problems?
Thanks for help!
Did you check out the
How To: Use Membership in ASP.NET 2.0
which gives a nice walk-through of how to set up and use AD membership provider? But glancing over that article, it seems you're doing everything right...
Except I don't know what your AD connection string looks like - can you show us that piece of information??
