I've got a web application that is set up to run under an account called ASPNETDOMAIN.
The web application runs without a problem (deployed to Win2k3-r2), but when I set up forms authentication to authenticate with Active Directory I run into problems with deployment. In Visual Studio 2005 I can log in and use the application, but when I deploy to my local IIS (win xp) or to a server, I get the following message when I try to log in:
Parser Error Message: Unable to establish secure connection with the server
I think this is because I have to set up a Service Principal Name. When I try to set this up according to the instructions at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000009.asp, I get:
FindDomainForAccount: DsGetDcNameWithAccountW failed!
Unable to locate account ASPNETDOMAIN
I also reviewed the article at:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGPractices0001.asp
but step 2 does not work. When I run:
aspnet_regiis -ga mydomain\aspnetdomain
I get:
Start granting mydomain\aspnetdomain access to the IIS metabase and other directories used by ASP.NET.
The user 'mydomain\aspnetdomain' does not exist.
but the account does exist. It may be relevant to point out that my PDC is a Win2k server. My config details are below. Can anyone help me figure out how to get this account to work for my web app? Any help is much appreciated.
archuleta37
Service Principal Name and AD authentication
Jul 19, 2006 05:11 PM
<connectionStrings>
  <add name="ADConnectionString"
       connectionString="LDAP://myserver.mydomain.local:389/CN=Users,DC=myserver,DC=mydomain,DC=local"/>
</connectionStrings>
<membership defaultProvider="MembershipADProvider">
  <providers>
    <add name="MembershipADProvider"
         connectionStringName="ADConnectionString"
         enableSearchMethods="true"
         attributeMapUsername="samAccountName"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
    />
  </providers>
</membership>
I get:
Parser Error Message: Unable to establish secure connection with the server
and with the following attributes set for MembershipADProvider:
connectionUsername="mydomain\aspnetdomain"
connectionPassword="mypassword"
connectionProtection="None"
I get:
Parser Error Message: Logon failure: unknown user name or bad password.