I can never get this connection string to work, it keeps telling me that it is an invalid LDAP adspath.:
LDAP://chestnut.net/CN=Users,DC=chestnut,DC=net

Could this be a permissions thing, because I am not Domain Admin, but I do have Create/Delete Users and groups permission in Active Directory.

You can always figure out the correct path by checking the RootDSE in the domain you are interested in:

DirectoryEntry root = new DirectoryEntry("LDAP://RootDSE");

using (root)
{
    string dnc = root.Properties["defaultNamingContext"][0].ToString();
    string server = root.Properties["dnsHostName"][0].ToString();

    string adsPath = String.Format(
        "LDAP://{0}/{1}",
        server,
        dnc
        );
}

Run this from a local (non-ASP.NET) application to get your string value.  Then use that for your ASP.NET applications.

That gave me a path that didn't work either. It said DC=chestnut,DC=net. That exact path did not work (of course with LDAP added). It kept telling me that the server could not be found. Now if I input this code:

Protected Sub LoginBtn_Click(ByVal sender As Object, ByVal e As System.EventArgs)
        Dim adPath As String = "LDAP://chestnut.net/CN=SR-Network_Team,OU=SR,DC=chestnut,DC=net" 'Path to your LDAP directory server
        Dim adAuth As FormsAuth.LdapAuthentication = New FormsAuth.LdapAuthentication(adPath)
        Try
            If (True = adAuth.IsAuthenticated(DomainBx.Text, UserNamBx.Text, PassBx.Text)) Then
                Dim groups As String = adAuth.GetGroups()

                'Create the ticket, and add the groups.
                Dim isCookiePersistent As Boolean = chkPersist.Checked
                Dim authTicket As FormsAuthenticationTicket = New FormsAuthenticationTicket(1, _
                     UserNamBx.Text, DateTime.Now, DateTime.Now.AddMinutes(60), isCookiePersistent, groups)

                'Encrypt the ticket.
                Dim encryptedTicket As String = FormsAuthentication.Encrypt(authTicket)

                'Create a cookie, and then add the encrypted ticket to the cookie as data.
                Dim authCookie As HttpCookie = New HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)

                If (isCookiePersistent = True) Then
                    authCookie.Expires = authTicket.Expiration
                End If
                'Add the cookie to the outgoing cookies collection.
                Response.Cookies.Add(authCookie)

                'You can redirect now.
                Response.Redirect(FormsAuthentication.GetRedirectUrl(UserNamBx.Text, False))

            Else
                errorLabel.Text = "Authentication did not succeed. Check user name and password."
            End If

        Catch ex As Exception
            errorLabel.Text = "Error authenticating. " & ex.Message
        End Try
    End Sub

I am getting my errorLabel text "Authenication did not succeed. Check user name and password."
Now I am assuming that my connectivity is not an issue now. The user credentials are correct, the domainbx.text=chestnut.net is correct. I am left to think that it is dealing with the cookies creation. Any suggestions?

If you are running this under the ASPNET account, you cannot use serverless binding.  It is dependant on the netlogon locator service.  It needs to run under domain credentials to know which domain to use a serverless bind against.

You can rectify this in your code by adding the domain to the beginning of the AdsPath or by adding a specific controller:

LDAP://<servername>/DC=chestnut,DC=net

or

LDAP://chestnut.net/DC=chestnut,DC=net

As long as your DNS is not bunged up, it should resolve for you.

Now, that only will fix the ability for you to get a proper SearchRoot for the DirectorySearcher.  I have no idea based on the code that you show if there is another issue that is causing the code to fail.  If you got this particular code from MSDN called "Forms Auth with Active Directory", it tends to have problems and is one of their more craptastic examples.

I did get it from MSDN. This is my adspath string:
"LDAP://chestnut.net/CN=SR-Network_Team,OU=SR,DC=chestnut,DC=net"

as you can see, I do have chestnut.net at the beginning. This SR-Network_Team is a group in our Active Directory that have members that I only want to have access to the site that I am creating and it is located in that OU. So there is were I want it to authenicate against in the active directory. As far as the rest of the code, I guess I will have to go line by line and figure it out.

Ah... I see the problem.  I should have asked what the SR-Nework_Team was.  I assumed it was a container you created.  That is definitely your problem.

Groups do not hold other objects in AD.  They have attributes which point to other objects.  Containers like CN=Users or organizational units like OU=someOU hold objects.  You are searching the directory to see if a users exists.  You need to give it a location in your directory that is a parent to your users.  So just cut everything off until the DC= stuff and you would be good.

What will happen is that it will bind and authenticate the user.  It is then up to you to check the user's group membership using User.IsInRole("SR-Network_Team") to see if they are in the group you want them to be.

It is all dependant on you finding them first.

dunnry:

Ah... I see the problem.  I should have asked what the SR-Nework_Team was.  I assumed it was a container you created.  That is definitely your problem.

Groups do not hold other objects in AD.  They have attributes which point to other objects.  Containers like CN=Users or organizational units like OU=someOU hold objects.  You are searching the directory to see if a users exists.  You need to give it a location in your directory that is a parent to your users.  So just cut everything off until the DC= stuff and you would be good.

What will happen is that it will bind and authenticate the user.  It is then up to you to check the user's group membership using User.IsInRole("SR-Network_Team") to see if they are in the group you want them to be.

It is all dependant on you finding them first.

Many thanks for this tip. I got mine to work after several days of searching on the asp.net forum and posting. But here's what I am wondering. Instead of checking the group as you suggested, is there a way to create roles and/or users that I want to allow to the page inside the web.config file? I will only allow a couple of users to this page so is there a way to specify which user can log into this page in the web.config file? Same thing with the roles, can I also specify the roles in the web.config file?

Again, thanks for your help.

Okay, I just realized I got this error everytime I compiled.

Message    1    Could not find schema information for the element 'http://schemas.microsoft.com/.NetConfiguration/v2.0:configuration'.    U:\web.config    10    2    U:\

Here's my web.config
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    <appSettings/>
    <connectionStrings>
        <add name="DBConnectionString" connectionString="Data Source=myServer\Tom;Initial Catalog=myDB;Persist Security Info=True;User ID=myUser;Password=myPass" providerName="System.Data.SqlClient"/>
        <add name="ADConnectionString" connectionString="LDAP://mySite.com/DC=mySite,DC=com" />
    </connectionStrings>
    <system.web>
   
        <compilation debug="true" strict="false" explicit="true">
            <assemblies>
                <add assembly="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/></assemblies></compilation>
        <pages>
            <namespaces>
                <clear/>
                <add namespace="System"/>
                <add namespace="System.Collections"/>
                <add namespace="System.Collections.Specialized"/>
                <add namespace="System.Configuration"/>
                <add namespace="System.Text"/>
                <add namespace="System.Text.RegularExpressions"/>
                <add namespace="System.Web"/>
                <add namespace="System.Web.Caching"/>
                <add namespace="System.Web.SessionState"/>
                <add namespace="System.Web.Security"/>
                <add namespace="System.Web.Profile"/>
                <add namespace="System.Web.UI"/>
                <add namespace="System.Web.UI.WebControls"/>
                <add namespace="System.Web.UI.WebControls.WebParts"/>
                <add namespace="System.Web.UI.HtmlControls"/>
            </namespaces>
        </pages>
        <authentication mode="Forms">
            <forms name=".ADAuthCookie" timeout="10" loginUrl="Admin/Login.aspx"/>
        </authentication>
        <authorization>
            <deny users="?" />
            <allow users="*" />
        </authorization>
        <membership defaultProvider="ActiveDirectoryMembershipProvider">
            <providers>
                <add
                  name="ActiveDirectoryMembershipProvider"
                  type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0,
            Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                  connectionStringName="ADConnectionString" />
            </providers>
        </membership>
<customErrors mode="Off"/>
    </system.web>
</configuration>

The page works fine under a web browser but I kept getting this error  when building the page. Help is appreciated.

Make sure you have selected ASP.NET 2.0 in your IIS MMC as the version of ASP.NET to use.  It is likely that you have 1.1 selected now.  You should see an ASP.NET tab there in the properties where you can set it.

As for declarative security in your web.config - there certainly is a way to do what you are asking.  Look up the <location> tag as well as the <authorization> and <allow>, <deny> tags.  I know there are a few samples on MSDN as well as the Security forum here.

Thanks for the response. Yes, I'm positive that we are using ASP.NET 2.0. The error I mentioned only occurs when I build the page. The page works fine when viewing through the browser. So I'm not sure where the cause is since I already am using ASP.NET 2.0.

Where do I look up all the tags you mentioned?

You can find the tag starting here.  Check to make sure you web.config is declaring the right version of the schema it is using.  MS has gone through a few iterations with the betas.  I am not sure what the right one would be, but look around and see if you don't have either old tag names or old schema namespace.

Thanks dunnry. This helped a lot. Our users are all in OU's and could not for the life of me figure out how to authenticate the users. Removed the CN=Users bit and it worked fine.

 >Thanks dunnry. This helped a lot.

Please mark Dunry's answer as answering your question.