Last post Aug 23, 2008 07:42 AM by ssg31415926
Aug 19, 2008 10:37 AM|FrankMatteson|LINK
Here's my issue,
I am using Windows Authentication w/ Identity Impersonate="True", along with SQLRoleProvider and ActiveDirectoryMembershipProvider. All seems to work properly until I try creating roles with access rules in the .net configuration. Here's what I believe seems
to be my problem. When users hit the application their Windows Authenticated name resolves to "DOMAIN\Username". But in my A.D. membership provider I am specifying the attributeMapUsername="sAMAccountName" and the sAMAccountName resolves to just "Username".
Our current A.D. schema doesn't contain the "DOMAIN\" in any attributes....has anyone else run into this or have an idea on ways around this or maybe I even am doing something wrong here. Any info would be appreciated, thanks!
Here's the main part of the code
<authentication mode="Windows" />
<identity impersonate="true" />
<roleManager enabled="true" defaultProvider="SqlRoleProvider">
<add name="SqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="SQL_ConnectionString"/>
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=188.8.131.52, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="AD_ConnectionString" enableSearchMethods="true" attributeMapUsername="sAMAccountName"
Aug 22, 2008 05:30 AM|ssg31415926|LINK
This isn't something I do but it sounded quite interesting so I thought I'd have a dig. After a long search, I found this article: http://blogs.pointbridge.com/Blogs/PointBridge/Pages/Post.aspx?_ID=69
If you look at the table about half-way down, the author says "Windows authentication: The user name is windows user in format Domain\Username the only way to make this work if you make the changes in the SQL database directly."
which seems to describe your problem and is bad news.
Do you have to use the SqlRoleProvider? If not, you could look at the
AuthorizationStoreRoleProvider. I use this for one of my sites - it's quite easy to use.
Aug 22, 2008 04:23 PM|FrankMatteson|LINK
Aug 23, 2008 07:42 AM|ssg31415926|LINK
Any chance you could post your custom provider code. Could be useful for someone else.
P.S. Could you mark the thread as resolved/answered so that it loses its red question mark in the forum list.