AD (Active Directory) Custom Membership Provider. Examples I understand. However, what type of access does the account need that you connect with?

Last post 05-14-2008 6:25 PM by FMastro. 2 replies.


  • AD (Active Directory) Custom Membership Provider. Examples I understand. However, what type of access does the account need that you connect with?

    05-12-2008, 9:05 PM
    • FMastro
    • Joined on 01-22-2004, 4:16 PM
    • Tampa, FL
    • Posts 148

    I understand the examples and all the articles I've seen, but I have yet to find what type of security the user that .NET connects to LDAP with needs. I mean I can't use the network Admin account, IT won't allow that.

    So in the membership settings, if I only wanted to validate the user and see what groups they were a member of (I plan to use AD groups for roles)....

     

    <membership defaultProvider="ADProvider">
       <providers>
          <add name="ADProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider,
             System.Web, Version=2.0.0.0, Culture=neutral,
             PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADConnString"
             connectionUsername="charrandev.com\MembershipUser"
             connectionPassword="password"
             attributeMapUsername="SAMAccountName"/>
       </providers>
    </membership>
     

    What type of AD security does "MembershipUser" need in the above settings, if the user cannot be a domain admin? Will any old user work that has read-only rights to the AD (as every user has)?

    ...Mastro...
  • Re: AD (Active Directory) Custom Membership Provider. Examples I understand. However, what type of access does the account need that you connect with?

    05-12-2008, 10:48 PM
    Answer
    • f16
    • Joined on 04-22-2008, 9:19 AM
    • Posts 5

    Hi,

    The user must be a domain user. I have a project like your problem and it works. You can also see: http://msdn.microsoft.com/en-us/library/ms998347.aspx. It can help you.

    If you want to see what groups they are a member of, you can use DirectoryEntry to search, and add some code in Global.asax in the Application_AuthenticateRequest section.

    Like:

    void Application_AuthenticateRequest(Object src, EventArgs e)
    {
        // Add roles to the user
        if (HttpContext.Current.User != null && HttpContext.Current.User.Identity.AuthenticationType == "Forms") // && !HttpContext.Current.User.Identity.IsAuthenticated
        {
            if (HttpContext.Current.User.Identity.IsAuthenticated)
            {
                string[] myRoles = new string[0]; // add the roles here (modified 2007-05-18)

                System.Web.Security.FormsIdentity id;
                id = (System.Web.Security.FormsIdentity)HttpContext.Current.User.Identity;

                HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(id, myRoles);
            }
        }
    }

     

    I hope it can help you.
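
Added example, not part of the posts in this thread: one way to fill the `myRoles` placeholder above from AD group membership without a privileged account, using `System.DirectoryServices.AccountManagement` (.NET 3.5). The domain name, group names and role names are hypothetical, and the application pool identity is assumed to be an ordinary domain user that can read the user's group membership.

```csharp
// Added example. Domain, group and role names are hypothetical placeholders.
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    private const string Domain = "example.local"; // hypothetical domain

    // Allow-list: only these AD groups are turned into application roles.
    private static readonly Dictionary<string, string> GroupToRole =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "WebApp-Admins", "Admin" },
            { "WebApp-Users", "User" }
        };

    private static string[] GetRolesFromAd(string samAccountName)
    {
        List<string> roles = new List<string>();
        // No credentials are passed, so the bind uses the application pool
        // identity (assumed: a plain domain user with read access only).
        using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, Domain))
        using (UserPrincipal user = UserPrincipal.FindByIdentity(
                   ctx, IdentityType.SamAccountName, samAccountName))
        {
            if (user == null) return roles.ToArray(); // unknown user: no roles
            // GetAuthorizationGroups also returns nested security groups.
            foreach (Principal group in user.GetAuthorizationGroups())
            {
                string role;
                if (group.SamAccountName != null &&
                    GroupToRole.TryGetValue(group.SamAccountName, out role))
                    roles.Add(role);
            }
        }
        return roles.ToArray();
    }

    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        IPrincipal current = HttpContext.Current.User;
        if (current == null || !current.Identity.IsAuthenticated) return;
        FormsIdentity id = current.Identity as FormsIdentity;
        if (id == null) return; // not a forms-authenticated request
        // With attributeMapUsername="SAMAccountName", id.Name is the sAMAccountName.
        HttpContext.Current.User = new GenericPrincipal(id, GetRolesFromAd(id.Name));
    }
}
```

This queries the directory on every authenticated request; caching the resolved roles per user for a short period avoids that load.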

  • Re: AD (Active Directory) Custom Membership Provider. Examples I understand. However, what type of access does the account need that you connect with?

    05-14-2008, 6:25 PM
    • FMastro
    • Joined on 01-22-2004, 4:16 PM
    • Tampa, FL
    • Posts 148

    Thanks, so I guess by your statement it can just be any old domain user with no specific domain rights needed.  Thanks for the role info, I'm going to work on that next.

    ...Mastro...