| Groups | Blog | Home |
asp.net security : MembershipProvider and ADAM
I am trying to find the simplest way to work with ADAM (or any other AD) and I have discovered the MembershipProvider class.... seems like it is doing just about everything I need. So, my project is developed on Windows XP, VS 2005 C# and I am not targeting ASP.... but seems like this is the best forum for my question. Here is my configuration file: <configuration> <connectionStrings> <add name="AdamConnectionString" connectionString="LDAP://localhost:389/O=Microsoft,C=US"/> </connectionStrings> <system.web> <membership defaultProvider="MyADMembershipProvider"> <providers> <add name="MyADMembershipProvider" connectionStringName="AdamConnectionString" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" description="ADAM Provider" connectionProtection="None" /> </providers> </membership> </system.web> </configuration> In my code, I try to get the membership provider like so: MembershipProvider provider = (MembershipProvider)Membership.Providers["MyADMembershipProvider"]; And I get this error: "Unable to establish secure connection with the server using SSL." I have tried different combination, nothing works. Funny becuase if I use the DirectoryServices classes, I can easily enumerate the content of my ADAM store. Is there an article or some reference somewhere to get me started with providers and ADAM? Thank you -Martin
Hello Martin,
As for the following error you encountered when using the AD membership provider. ==================== "Unable to establish secure connection with the server using SSL." ==================== Since I'm not sure about your local AD environment, assume that the LDAP connectionstring has no problem. Based on my research, it is likely the AD membership provider has choosed to use SSL connection to access AD server. And this is done when we configured the AD membership provider's "connectionProtetion" as "secured". However, from the configuration section you pasted, you've already set the "connectionProtection" as "None". Another one I found in your configuration fragement is that you haven't explicitly provide the "connectionUsername" and "connectionPassword" in the provider element, based on my research, the username/password is required when we use "connectionProtection="None"". You can have a look at the following article which has mentioned the AD connectionstring and provider configuration: #How To: Use Membership in ASP.NET 2.0 http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000022.asp?frame=tr ue I've tried both connectionProtection with "Secure" and "None" and both of them work correctly. e.g. ======================== <add name="ADAMMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" enableSearchMethods="true" connectionProtection="None" connectionUsername="username" connectionPassword="password" [quoted text, click to view] ></add> ==============================or ==================== <add name="ADAMMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" enableSearchMethods="true" connectionProtection="Secure" connectionUsername="stcheng@fareast.corp.microsoft.com" connectionPassword="sc@1982!!1" [quoted text, click to view] ></add> =======================BTW, have you also tried using the connectionstring to the remote AD users store in your environment: LDAP://domain.testing.com/CN=Users,DC=domain,DC=testing,DC=com as mentioned in the above article to see whether it works. Here are some other articles which has described using ASP.NET 2.0 membership/ role management service: #ASP.NET 2.0 Membership, Roles, Forms Authentication, and Security Resources http://weblogs.asp.net/scottgu/archive/2006/02/24/ASP.NET-2.0-Membership_2C0 0_-Roles_2C00_-Forms-Authentication_2C00_-and-Security-Resources-.aspx Please feel free to let me know if you have any further finding. Sincerely, Steven Cheng Microsoft MSDN Online Support Lead ================================================== Get notification to my posts through email? Please refer to http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif ications. Note: The MSDN Managed Newsgroup support offering is for non-urgent issues where an initial response from the community or a Microsoft Support Engineer within 1 business day is acceptable. Please note that each follow up response may take approximately 2 business days as the support professional working with you may need further investigation to reach the most efficient resolution. The offering is not appropriate for situations that require urgent, real-time or phone-based interactions or complex project analysis and dump analysis issues. Issues of this nature are best handled working with a dedicated Microsoft Support Engineer by contacting Microsoft Customer Support Services (CSS) at http://msdn.microsoft.com/subscriptions/support/default.aspx. ================================================== This posting is provided "AS IS" with no warranties, and confers no rights.
Thank you Steven,
I'll have a look at what you sent. -Martin [quoted text, click to view] "Steven Cheng[MSFT]" <stcheng@online.microsoft.com> wrote in message news:LokoXAyyGHA.4220@TK2MSFTNGXA01.phx.gbl... > Hello Martin, > > As for the following error you encountered when using the AD membership > provider. > > ==================== > "Unable to establish secure connection with the server using SSL." > ==================== > > Since I'm not sure about your local AD environment, assume that the LDAP > connectionstring has no problem. Based on my research, it is likely the AD > membership provider has choosed to use SSL connection to access AD server. > And this is done when we configured the AD membership provider's > "connectionProtetion" as "secured". However, from the configuration > section you pasted, you've already set the "connectionProtection" as > "None". > > Another one I found in your configuration fragement is that you haven't > explicitly provide the "connectionUsername" and "connectionPassword" in > the > provider element, based on my research, the username/password is required > when we use "connectionProtection="None"". You can have a look at the > following article which has mentioned the AD connectionstring and provider > configuration: > > > #How To: Use Membership in ASP.NET 2.0 > http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000022.asp?frame=tr > ue > > I've tried both connectionProtection with "Secure" and "None" and both of > them work correctly. e.g. > > ======================== > <add name="ADAMMembershipProvider" > type="System.Web.Security.ActiveDirectoryMembershipProvider, > System.Web, Version=2.0.0.0, > Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" > connectionStringName="ADConnectionString" > enableSearchMethods="true" > connectionProtection="None" > > connectionUsername="username" > connectionPassword="password" > > ></add> > ============================== > > or > > ==================== > <add name="ADAMMembershipProvider" > type="System.Web.Security.ActiveDirectoryMembershipProvider, > System.Web, Version=2.0.0.0, > Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" > connectionStringName="ADConnectionString" > enableSearchMethods="true" > connectionProtection="Secure" > > connectionUsername="stcheng@fareast.corp.microsoft.com" > connectionPassword="sc@1982!!1" > >></add> > ======================= > > > BTW, have you also tried using the connectionstring to the remote AD users > store in your environment: > > LDAP://domain.testing.com/CN=Users,DC=domain,DC=testing,DC=com > > as mentioned in the above article to see whether it works. > > Here are some other articles which has described using ASP.NET 2.0 > membership/ role management service: > > > #ASP.NET 2.0 Membership, Roles, Forms Authentication, and Security > Resources > http://weblogs.asp.net/scottgu/archive/2006/02/24/ASP.NET-2.0-Membership_2C0 > 0_-Roles_2C00_-Forms-Authentication_2C00_-and-Security-Resources-.aspx > > Please feel free to let me know if you have any further finding. > > Sincerely, > > Steven Cheng > > Microsoft MSDN Online Support Lead > > > > ================================================== > > Get notification to my posts through email? Please refer to > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif > ications. > > > > Note: The MSDN Managed Newsgroup support offering is for non-urgent issues > where an initial response from the community or a Microsoft Support > Engineer within 1 business day is acceptable. Please note that each follow > up response may take approximately 2 business days as the support > professional working with you may need further investigation to reach the > most efficient resolution. The offering is not appropriate for situations > that require urgent, real-time or phone-based interactions or complex > project analysis and dump analysis issues. Issues of this nature are best > handled working with a dedicated Microsoft Support Engineer by contacting > Microsoft Customer Support Services (CSS) at > http://msdn.microsoft.com/subscriptions/support/default.aspx. > > ================================================== > > > > This posting is provided "AS IS" with no warranties, and confers no > rights. > >
Hi Martin,
I've found your another new thread "MembershipProvider, ADAM and userProxy" in this newsgroup. Have you got the problem in this thread resolved? Anyway, if you feel convenient that we continue to discuss in that thread, please feel free to followup there. Sincerely, Steven Cheng Microsoft MSDN Online Support Lead This posting is provided "AS IS" with no warranties, and confers no rights.
Don't see what you're looking for? Try a search.
|
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |