ASP.NET Login Control with Active Directory Membership Provider - asp.net

I have set up a basic application which uses the ActiveDirectoryMembershipProvider to talk to our AD and authenticate users. It's a simple login page with the control which redirects me to a simple output of who is logged in and associated ticket information, this works great and when I test it on my development machine it just works.
However if I deploy this to the webserver under a virtual directory, it simply refuses to direct or even acknowledge that their ticket is a valid ticket, it just refreshes back to the login page. If I type in rubbish credentials it actually recognises this and tells me there's an error, but if I login successfully it just refreshes the page. When I manually go to the information page it treats me as an unauthenticated user!
This is most puzzling! Any help would be greatly appreciated!
Thanks
Jon
As requested a section of the Web.config
<connectionStrings>
<add name="ActiveDirectory" connectionString="LDAP://x.x.x.117:389/OU=Users,DC=BC,DC=Local"/>
</connectionStrings>
<membership defaultProvider="ADMembershipProvider">
<providers>
<add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ActiveDirectory" connectionUsername="xxxxxx" connectionPassword="xxxxxxx" attributeMapUsername="sAMAccountName" applicationName="/"/>
</providers>
</membership>

Have you turned on impersonation in the web.config file? I believe there are some issues revolving the membership provider that need impersonation to work properly.

<forms slidingExpiration="true" path="/Search" name=".ADAuthCookie" timeout="10"/>
It was also helpful to include a 'path' attribute!!!!
Jon

Related

ASP.NET MembershipProvider membership info (usernames, passwords) not being stored? How would I implement this system in a networked environment?

I am working on a project in ASP.NET using MembershipProvider for my login system. Our issue is that the ASPNETDB file generated by ASP.NET upon creation of the login system seems to be empty or is not properly storing member information. Our project is a Web Site project, and we ran into a weird case of not being able to maintain login info. I gave my colleague my ASPNETDB file, he overwrote his and yet the login system was still using his old member information, it would not recognize the new ASPNETDB file. So I'm assuming the issue is that the member information is not being stored in that specific file as I was expecting.
How do we remedy this? We need to install this system for a client, so we will probably host the site sometime soon, how do we localize the membership information so that it's consistent across multiple workstations? Right now the membership info seems to be tied to specific computers. And when we go into the ASPNETDB file there doesn't seem to be anything there.
Can anyone shine some light on this? It's been happening for a while now.
I still don't know how to make it so that it always pulls from the same location (project directory) instead of SQL server.
In ASP.NET Membership, connection strings for membership and roleManager are in web.config. You just need to update them accordingly.
<configuration>
<connectionStrings>
<remove name="SqlConnection"/>
<add name="SqlConnection" connectionString="..."/>
</connectionStrings>
<system.web>
<membership>
<providers>
<clear/>
<add connectionStringName="SqlConnection" ... />
</providers>
</membership>
<roleManager enabled="true">
<providers>
<clear/>
<add connectionStringName="SqlConnection" ... />
</providers>
</roleManager>
</system.web>
</configuration>

ASP.NET MVC 4 custom role provider refresh

I am programming an application that uses custom membership provider.
In my custom roleprovider web.config file I have:
<roleManager defaultProvider="ModuleProvider" enabled="true" cacheRolesInCookie="true">
<providers>
<clear />
<add name="ModuleProvider" type="Website.Helpers.Security.ModuleProvider, Website" connectionStringName="CasinoEntities" />
</providers>
</roleManager>
The problem is that when the user logs off, the roles cookie is not deleted, so when the user logs in again, the old assigned roles are loaded. This is solved when the user closes the browser and opens it again, but that is not the idea.
I tried with Roles.DeleteCookie() in log off method, without success.
The log off method only contains a call to FormsAuthentication.SignOut();
Any help will be appreciated.
Regards,
Jaime

ldap Novell authentication in asp .net

I'm trying to develop a web application with Novell LDAP Authentication.
I have added in my form login.aspx the Login control and I have configured the web.config in this way:
<connectionStrings>
<add connectionString="LDAP://10.0.0.100:389/cn=admin,o=pippo" name="myConnectionString"/>
</connectionStrings>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880"/>
</authentication>
<membership defaultProvider="MembershipADProvider">
<providers>
<add name="MyADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider,
System.Web, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="myConnectionString"
port="389"
useSSL="false"
connectionProtection="None"
connectionUsername="cn=admin,o=pippo"
connectionPassword="admin"
enableSearchMethods="true"
/>
</providers>
</membership>
But when I click on the login button I receive this error:
"This provider can target only Active Directory and ADAM directories."
I noticed that if I enter a wrong password the error message changes to:
"Logon failure: unknown user name or bad password". So I think that in some way the application is connected with the LDAP server and communicates with it.
Now the questions...
Which kind of provider must I choose? Or how can I set up the ActiveDirectoryMembershipProvider in order to log in against Novell LDAP?
In other words, how can I develop LDAP authentication code to look up the user in Novell's LDAP?
Thanks to all in advance
Regards
You will need to create a custom membership provider. There's an example here:
http://forums.asp.net/t/970391.aspx/1

ASP.NET Membership - Which RoleProvider to use so User.IsInRole() checks ActiveDirectory Groups?

Very simple question actually:
I currently have IIS anonymous access disabled, users are automatically logged on using their Windows login. However calling User.IsInRole("Role name") returns false. I double-checked User.Identity.Name() and the "Role name" and it should return true.
I currently have this in my Web.Config:
UPDATE
I was calling User.IsInRole("Role name") where I should call User.IsInRole("DOMAIN\Role name")
However I would still like to know if the <membership> entry is needed at all?
What should I change? (and is the <membership> entry needed at all?)
<authentication mode="Windows">
<forms
name=".ADAuthCookie"
timeout="10" />
</authentication>
<membership defaultProvider="ADMembershipProvider">
<providers>
<clear/>
<add
name="ADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"
connectionUsername="XXX\specialAdUser"
connectionPassword="xx"
/>
</providers>
</membership>
<roleManager enabled="true" defaultProvider="WindowsProvider">
<providers>
<clear />
<add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>
If you use Windows authentication IsInRole will work with no extra configuration, as long as you remember to prefix the role with the domain, i.e. DOMAIN\groupName.
In addition you can role (pun intended) your own and use Windows auth against, for example, a SQL Role Provider, where you don't want your AD littered with custom roles for your application.
So no, you don't need the provider configuration at all.
The membership provider here isn't going to help. The ActiveDirectoryMembershipProvider seems to best (only?) fit with Forms authentication.
BlogEngine.NET has an Active Directory role provider.
Pretty sure the only thing you need in there is the roleManager group (along with the base authentication mode='windows' setting)
Out of the box, there's no role provider to use Active Directory directly. You can use the role table in the ASP.NET membership- and role-system, or you can use Authorization Manager (AzMan).
There's an article on CodeProject which shows the implementation of a role provider which works against the Active Directory - with full source code. Maybe this helps?
Marc

ASP.NET Membership - Which user is authenticated and which user is impersonated?

I'm a little confused while trying to find out how ActiveDirectory and ASP.NET Membership work... I've created a new MVC project and removed the AccountController / Views. I've changed the Web.Config so that it uses ActiveDirectory and automatically authenticates users based on their current Windows login:
Web.Config
<authentication mode="Windows">
<forms
name=".ADAuthCookie"
timeout="10" />
</authentication>
<membership defaultProvider="MyADMembershipProvider">
<providers>
<clear/>
<add
name="MyADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"
connectionUsername="MYDOMAIN\myuser"
connectionPassword="xxx"
/>
</providers>
</membership>
This works nicely, as I can do the following to get the users username like this:
User.Identity.Name() 'Gives MYDOMAIN\myuser
Looking at the following, actually makes me confused:
Threading.Thread.CurrentPrincipal.Identity.Name() 'Gives MYDOMAIN\myuser
1. Shouldn't the thread identity be IUSR_WORKSTATION or ASPNET_WP username?
2. What's the difference between Authentication and Impersonation?
myuser is the Authenticated user on that application, that's why your CurrentPrincipal is giving you MYDOMAIN/myuser. The application impersonates IUSR_WORKSTATION when it uses resources like the database, and is a completely different issue.
If you go to Project on your toolbar, and select ASP.NET Configuration, it will open a website that lets you access these settings and create users, roles etc.
