Unfortunately I don't know anything useful about the AD membership provider
it. It should be possible to find a way to augment user data in ADAM but use
a different source for the actual authentication. However, I'm guessing
you'll need to write your own provider to accomplish that. I don't think

"Noremac" <Noremac@newsgroups.nospam> wrote in message
news:E5728932-154D-4072-AEF2-8B481F3DA5E6@microsoft.com...
> Hi Joe,
>
> I think I am getting close.
>
> The missing piece for the certificate setup for me was going into MMC and
> adding a Certificates SNAP-IN pointing to the ADAM Instance Service. Then I
> added fabrikam to the Personal folder. I tested with ldp and confirmed it
> connects.
>
> Also, I found this relevant blog:
> http://www.oftedal.no/~erlend/?blogid=7.
> Also, if you don't have a cert, look at this one:
> http://blogs.msdn.com/cjacks/archive/2005/11/15/493122.aspx
>
> The other piece of the puzzle that is missing for me is connecting through
> the Membership provider in ASP.NET 2.0. With connectionProtection="Secure"
> it complains with "Logon failure: unknown user name or bad password". It is
> calling the exception a Configuration Error. The exception is only published
> to the application event viewer through the generic ASP.NET 2.0 logging
> handler. Nothing is reported to the Security Audit log nor the ADAM instance
> log.
>
> BTW, this happens when I call Membership.GetAllUsers();
>
> I have no users in the ADAM so far.
>
> We won't be using ADAM for authenticating users. The users will exist
> through CardSpace or OpenId. We'll just be using ADAM as an account store to
> augment those identities with some attributes we want (last visited, etc.).
>
> So the idea is the Windows Identity of the ASPNET process (currently the
> same one running the ADAM instance on my dev box) will connect to ADAM to
> create and retrieve user objects. But is this the wrong idea? Do I need to
> create an ADAM user object through LDP that will be the administrator and
> then hard-code that username and password into web.config?
>
> Noremac
>
> "Joe Kaplan" wrote:
>
>> If you already have an SSL cert for fabrikam.com, you can use that for ADAM
>> (as long as you use the fabrikam.com DNS name to connect, not localhost).
>>
>> For ADAM, you want to install the cert and private key into the store for
>> the service account running ADAM. If you do some Google searches, you'll
>> find more details.
>>
>> Joe K.
>>
>> --
>> Joe Kaplan-MS MVP Directory Services Programming
>> Co-author of "The .NET Developer's Guide to Directory Services Programming"
>> http://www.directoryprogramming.net
>> --
>> "Noremac" <Noremac@newsgroups.nospam> wrote in message
>> news:F3BA4B55-8725-4222-9CA1-1A651539C012@microsoft.com...
>> > I am going around in circles. Sorry for posting a question that may
>> > already be answered.
>> >
>> > I want to use the ADAM Membership Provider on my development Windows XP
>> > machine using VS2005.
>> >
>> > I have ADAM working on my local computer. I got it working through the
>> > ASP.NET 2.0 RBAC article.
>> >
>> > I set up web.config based on stuff I googled. But when I call this line:
>> > MembershipUserCollection users = Membership.GetAllUsers(), I get the
>> > "Unable to establish secure connection with the server using SSL".
>> >
>> > I can only find references to getting SSL with W2K machines or disabling
>> > SSL on XP machines. I want to have SSL work on XP.
>> >
>> > I do have a fabrikam certificate from other samples I have on this
>> > machine.
>> >
>> > These are the ldap connection strings I have tried that do not work:
>> > LDAP://localhost:389/CN=AzManAdamStore,OU=SecNetPartition,O=SecNet,C=US
>> > LDAP://localhost:636/CN=AzManAdamStore,OU=SecNetPartition,O=SecNet,C=US
>> > LDAP://fabrikam.com:389/CN=AzManAdamStore,OU=SecNetPartition,O=SecNet,C=US
>> > LDAP://fabrikam.com:636/CN=AzManAdamStore,OU=SecNetPartition,O=SecNet,C=US
>> >
>> > Thanks!
>> > Noremac
>> >
>>
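
The two errors quoted in this thread ("Unable to establish secure connection with the server using SSL" and "Logon failure: unknown user name or bad password") point at different stages, TLS setup versus the bind, and a bind made outside the membership provider tells them apart. The C# console check below is an added example, not code from anyone in the thread; the host and port come from the quoted connection strings, and treating 636 as the ADAM instance's SSL port is an assumption.

```csharp
// Added diagnostic example (not from the thread).
// Build with a reference to System.DirectoryServices.Protocols.dll.
using System;
using System.DirectoryServices.Protocols;

class AdamSslBindCheck
{
    const string Host = "fabrikam.com"; // must match a name in the ADAM service's certificate
    const int SslPort = 636;            // assumed SSL port of the ADAM instance

    static int Main()
    {
        LdapDirectoryIdentifier server = new LdapDirectoryIdentifier(Host, SslPort);
        using (LdapConnection conn = new LdapConnection(server))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true; // TLS first, then the bind
            conn.AuthType = AuthType.Negotiate;           // bind as the current Windows identity

            try
            {
                conn.Bind();
                Console.WriteLine("OK: TLS and bind succeeded as {0}\\{1}",
                    Environment.UserDomainName, Environment.UserName);
                return 0;
            }
            catch (LdapException ex)
            {
                switch (ex.ErrorCode)
                {
                    case 81: // server down: wrong port, no certificate on the
                             // service, or host name not matching the certificate
                        Console.WriteLine("Connection/TLS failure: {0}", ex.Message);
                        return 2;
                    case 49: // invalid credentials: TLS worked, the bind was refused
                        Console.WriteLine("Bind refused: {0} {1}",
                            ex.Message, ex.ServerErrorMessage);
                        return 3;
                    default:
                        Console.WriteLine("LDAP error {0}: {1}", ex.ErrorCode, ex.Message);
                        return 1;
                }
            }
        }
    }
}
```

Run it under the Windows account whose access to ADAM is in question, for example the ASP.NET worker process account mentioned in the thread.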