Help with LDAP authentication

Last post 04-10-2008 12:59 AM by TBarton. 10 replies.


  • Help with LDAP authentication

    03-17-2008, 10:48 AM
    • TBarton
    • Joined on 03-17-2008, 10:38 AM
    • Posts 217

    Hello

    I am developing a web site in VS 2008 (Web Developer) and I want to do LDAP authentication. I have looked up many how-tos but I cannot seem to figure out how to get it to work.

     

    I placed the <identity impersonate="true"> into my web.config file but after that I'm stuck.

    The examples I have seen use C# code but I am using VB code. One example was using a class but I have no idea how to use a class in Web Developer.

    The main issues are: what code do I need to put into the project, and where in the project do I place the code, i.e. in the code of the login.aspx page, the login.vb.aspx page, or a separate class file? And do I need to place more into the web.config page?

     

    Thank you for any help and guidance.

     

    Ty

  • Re: Help with LDAP authentication

    03-17-2008, 1:25 PM
    • LSU.Net
    • Joined on 03-08-2007, 5:56 PM
    • Louisiana
    • Posts 459

    Do you want to use Forms or Basic HTTP authentication?  Do you simply want to authenticate based on username and password or do you want to validate whether users are within certain roles?



    Please remember to "mark as answered" posts that have helped you.

    -----
    http://lsudotnet.blogspot.com
  • Re: Help with LDAP authentication

    03-18-2008, 12:06 AM
    • TBarton
    • Joined on 03-17-2008, 10:38 AM
    • Posts 217

    What I have is a master page and various container pages. I have a login form that is just a username and password box.

    I guess it does not really matter as to which type, Forms or HTTP.

    I am going to first validate username and password, then I will pull out other information from AD, but I will probably be assigning access rights manually.

     

    Thanks,

    Ty

  • Re: Help with LDAP authentication

    03-18-2008, 11:17 AM
    Answer
    • LSU.Net
    • Joined on 03-08-2007, 5:56 PM
    • Louisiana
    • Posts 459

     You can start with the following elements in your web.config:

     

    <connectionStrings>
        <remove name="ADConnectionString"/>
        <!-- LDAP path of the domain controller and the container that holds the user accounts -->
        <add name="ADConnectionString" connectionString="LDAP://dc01.mydomain.com/OU=group,DC=mydomain,DC=com"/>
    </connectionStrings>
    <system.web>
        <authentication mode="Forms">
            <forms loginUrl="Login.aspx" protection="All" timeout="30" name="AppNameCookie" path="/" requireSSL="true" slidingExpiration="true" defaultUrl="default.aspx" cookieless="UseCookies" enableCrossAppRedirects="false"/>
        </authentication>
        <authorization>
            <!-- Deny anonymous users, allow every authenticated user -->
            <deny users="?"/>
            <allow users="*"/>
        </authorization>
        <membership defaultProvider="MembershipADProvider">
            <providers>
                <clear/>
                <!-- connectionUsername / connectionPassword are placeholders for the account used to connect to AD -->
                <add name="MembershipADProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" connectionUsername="admin" connectionPassword="pass"/>
            </providers>
        </membership>
    </system.web>

      

    In your Login.aspx page have the following:

     

     

    <asp:Login ID="Login1" runat="server" MembershipProvider="MembershipADProvider">
    </asp:Login>

      

     

    In your login.aspx codebehind have the following event handler for Login1.Authenticate

     

     

    Protected Sub Login1_Authenticate(ByVal sender As Object, _
        ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles Login1.Authenticate

        ' Validate the credentials against AD through the configured membership provider
        Dim isValid As Boolean = Membership.ValidateUser(Login1.UserName, Login1.Password)

        e.Authenticated = isValid

        If isValid Then
            ' Second argument True issues a persistent authentication cookie
            FormsAuthentication.RedirectFromLoginPage(Login1.UserName, True)
        End If
    End Sub
      


    Please remember to "mark as answered" posts that have helped you.

    -----
    http://lsudotnet.blogspot.com
  • Re: Help with LDAP authentication

    04-04-2008, 11:54 AM
    • TBarton
    • Joined on 03-17-2008, 10:38 AM
    • Posts 217

    Sorry I'm just getting back to you. I had some other issues to work out before trying your code.

     

    I am getting  the error - Unable to establish a secure connection with the server.

     

    <add name="MembershipADProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" connectionUsername="admin" connectionPassword="pass"/>
     I do have a correct username and password added on my end and I am hitting AD as I played around with the connection string.

     

    Any help would be appreciated.

     

    Thanks,

     

    Ty

  • Re: Help with LDAP authentication

    04-04-2008, 2:28 PM
    • pradeepy
    • Joined on 12-08-2005, 4:31 AM
    • Posts 94

    Hi TBarton,

    Try changing connectionProtection="None" or connectionProtection="Secure" depending on the LDAP port you are hitting.

    <add name="MembershipADProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" connectionUsername="admin" connectionPassword="pass" connectionProtection="None"/>

    Also see the steps in this blog: http://carso-owen.blogspot.com/2007/02/activedirectorymembership-aspnet.html

     

     

     

     

     

     

     

    Microsoft Certified Professional Developer - Web Developer
  • Re: Help with LDAP authentication

    04-05-2008, 1:01 AM
    • TBarton
    • Joined on 03-17-2008, 10:38 AM
    • Posts 217

    ConnectionProtection="None" still gives same error

    ConnectionProtection="Secure" gets server not functional error.

    I cannot install ADAM on our servers.

    Any other thoughts?

    This cannot be the only way to connect to AD. We did a software evaluation that I believe did something with impersonation.

     

    Thanks,

    Ty

  • Re: Help with LDAP authentication

    04-05-2008, 9:36 AM
    • pradeepy
    • Joined on 12-08-2005, 4:31 AM
    • Posts 94

    Hi TBarton,

    By default, you are not allowed to perform password operations over a non-secured connection to an ADAM instance. You can disable this requirement by using the dsmgmt.exe tool included with ADAM. Open the ADAM Tools Command Prompt and type the following series of commands:

    1. Type dsmgmt.

    2. Type ds behavior.

    3. Type connections.

    4. Type connect to server localhost:389 (or whatever is your server name and port).

    5. Type quit.

    6. Type allow passwd op on unsecured connection.

    7. Type quit.

    If you don’t use an SSL connection, then passwords are transmitted in plain text. Don’t do this in the case of a production application.

     Hope this helps

    Microsoft Certified Professional Developer - Web Developer
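
Added example, not part of any post in this thread: a VB helper that reads the protection level the ActiveDirectoryMembershipProvider actually negotiated and refuses to start the application when the directory connection is unprotected, which is the plaintext case the reply above warns about. `AdProviderCheck` and `RequireProtectedAdConnection` are hypothetical names; the provider name passed in is assumed to be the `MembershipADProvider` entry from the web.config posted earlier.

```vb
Imports System.Configuration.Provider
Imports System.Web.Security

' Added example (hypothetical helper). Put it in App_Code and call it from
' Application_Start in Global.asax:
'     AdProviderCheck.RequireProtectedAdConnection("MembershipADProvider")
Public Module AdProviderCheck

    ' Returns the protection in effect between the web server and the
    ' directory (Ssl or SignAndSeal). Throws if the named provider is not
    ' the AD provider, or if it is running with connectionProtection="None".
    Public Function RequireProtectedAdConnection(ByVal providerName As String) _
        As ActiveDirectoryConnectionProtection

        ' Touching Membership.Providers initializes the providers, so a bad
        ' connection string or bad credentials surface here, at startup.
        Dim provider As ActiveDirectoryMembershipProvider = _
            TryCast(Membership.Providers(providerName), ActiveDirectoryMembershipProvider)

        If provider Is Nothing Then
            Throw New ProviderException( _
                "'" & providerName & "' is not an ActiveDirectoryMembershipProvider.")
        End If

        Dim protection As ActiveDirectoryConnectionProtection = _
            provider.CurrentConnectionProtection

        If protection = ActiveDirectoryConnectionProtection.None Then
            ' With None, user passwords cross the network to the directory
            ' server in clear text on every login.
            Throw New ProviderException( _
                "Directory connection for '" & providerName & "' is unprotected.")
        End If

        Return protection
    End Function

End Module
```

Logging the returned value at startup shows whether the provider settled on SSL or on sign-and-seal for the connection to the directory.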
  • Re: Help with LDAP authentication

    04-05-2008, 11:09 AM
    • TBarton
    • Joined on 03-17-2008, 10:38 AM
    • Posts 217

    Hi pradeepy,

    I'm not using ADAM.

    That was what another user suggested.

    Thanks,

     

    Ty

  • Re: Help with LDAP authentication

    04-06-2008, 7:43 PM
    • Lubos_Nex
    • Joined on 04-06-2008, 11:08 PM
    • Switzerland, Zürich
    • Posts 4

    Hi

    If you do not use MS LDAP you need to use Forms_authentication. IIS does not support impersonation with Novell Directory.

    For Netware we are using the IP/Works or IP/Works SSL LDAP and LDAPS Controls. They work fine. This Control works fine with LDAP and Certificate Authentication with Novell Directory.

    Check nsoftware.com

    Let me know if you need more help or some example. It's also possible to use SSL between your IIS and your LDAP.

    Lubos 

     

     

     


     

    Lubos Pribela

    www.nexag.ch
  • Re: Help with LDAP authentication

    04-10-2008, 12:59 AM
    • TBarton
    • Joined on 03-17-2008, 10:38 AM
    • Posts 217

    Forgive me if I am not making myself clear as I'm not very familiar with LDAP.

    We do use LDAP. I was under the impression that ADAM was something that is not installed with LDAP by default but something you had to install as an add-on.

     

    Thanks,

     

    Ty
