Friday, April 24, 2015

ASP.NET Forms Authentication with Active Directory Lightweight Directory Services (ADLDS)

Setting up ASP.NET Forms Authentication against Active Directory is relatively easy. I recently had a requirement to support Active Directory Lightweight Directory Services (ADLDS) instead, and the provider configuration for it turned out to be much harder to find.

Unfortunately, it is very difficult to find information about how to write the connection string for an ADLDS instance.

After searching far and wide on the Internet, I finally found a reference on how to do this in Google Books: https://books.google.com/books?id=Qt3TeJJkG5oC&pg=PA510&lpg=PA510&dq=adam+asp.net+connection+string&source=bl&ots=b07V6YlxOI&sig=yxN5oMyXlzgX7LBDhkHoqpWi1rc&hl=en&sa=X&ei=3lM3VY3RLLLgsAT564Ew&ved=0CDAQ6AEwAw#v=onepage&q=adam%20asp.net%20connection%20string&f=false

Although it uses the older name, ADAM, the connection string and provider settings are the same for ADLDS:

<connectionStrings>
   <add name="adamConnection" connectionString="LDAP://localhost:389/OU=ApplicationUsers,O=MyOrganization,DC=corsair,DC=com"/>
</connectionStrings>

<membership defaultProvider="adamprovider">
   <providers>
     <add
        name="adamprovider"
        type="System.Web.Security.ActiveDirectoryMembershipProvider"
        connectionStringName="adamConnection" connectionProtection="None" attributeMapUsername="userPrincipalName"
        connectionUsername="CN=ApplicationUsersAdministrator,OU=PartitionUserAccounts,O=MyOrganization,DC=corsair,DC=com"
        connectionPassword="pass!word1" />
   </providers>
 </membership>


If you want to use an instance of ADLDS that is secured with SSL, the configuration is largely the same:

<connectionStrings>
   <add name="adamConnection" connectionString="LDAP://localhost:636/OU=ApplicationUsers,O=MyOrganization,DC=corsair,DC=com"/>
</connectionStrings>
<membership defaultProvider="adamprovider">
   <providers>
     <add
        name="adamprovider"
        type="System.Web.Security.ActiveDirectoryMembershipProvider"
        connectionStringName="adamConnection" connectionProtection="Secure" attributeMapUsername="userPrincipalName"
        connectionUsername="CN=ApplicationUsersAdministrator,OU=PartitionUserAccounts,O=MyOrganization,DC=corsair,DC=com"
        connectionPassword="pass!word1" />
   </providers>
 </membership>

Notice that the connection string changes only in the port number (636). The scheme stays LDAP://; the provider does not accept an LDAPS:// URL, so SSL is requested through the provider setting rather than the connection string.

For the Membership Provider, the only attribute that changes is connectionProtection, from "None" to "Secure". With "None" the simple bind is made in clear text, so the service account password (and every user password the provider validates) crosses the network unencrypted; that is only tolerable for a localhost instance. With "Secure" the provider binds to ADLDS over SSL only, so the instance's certificate must chain to a root the web server trusts, or the bind fails.

Either way, connectionPassword sits in web.config in the clear. Encrypt the connectionStrings and system.web/membership sections with aspnet_regiis -pe (or -pef with the site's physical path) before deploying, rather than leaving the bind password readable to anyone who can open the file.


Of course, the ApplicationUsersAdministrator account has to be a member of the Administrators role of the application partition (CN=Administrators,CN=Roles,O=MyOrganization,DC=corsair,DC=com) in ADLDS in order for this to work. You can do this with ADSI Edit. Once that is set up, you should be able to use ASP.NET Forms Authentication with ADLDS in much the same way as with a normal Active Directory installation!
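As an added example (not part of the original post), the following PowerShell script runs the two pre-deployment checks a practitioner would want before trusting the configuration above: it performs the same simple bind and userPrincipalName search that ActiveDirectoryMembershipProvider performs, once over SSL on 636 (what connectionProtection="Secure" needs) and once in the clear on 389 (what "None" does), and then encrypts the web.config sections that carry the bind password and confirms the clear-text password is gone. The host, DNs and password are the ones from the post; the site's physical path ($SitePath) and the script name are assumptions.

```powershell
# Added example, not from the original post: pre-deployment checks for the
# ADLDS web.config above, run in PowerShell on the web server as an administrator.
# Host, DNs and password are the post's values; $SitePath is an assumption.
param(
    [string]$Server       = "localhost",
    [string]$BindDn       = "CN=ApplicationUsersAdministrator,OU=PartitionUserAccounts,O=MyOrganization,DC=corsair,DC=com",
    [string]$BindPassword = "pass!word1",
    [string]$UsersOu      = "OU=ApplicationUsers,O=MyOrganization,DC=corsair,DC=com",
    [string]$SitePath     = "C:\inetpub\wwwroot\MyApp"   # assumption: physical path of the site
)
Add-Type -AssemblyName System.DirectoryServices.Protocols

# Bind the way the membership provider does (simple bind with the service
# account DN), then run the search it needs to map users by userPrincipalName.
function Test-AdldsBind {
    param([int]$Port, [bool]$UseSsl)
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $cred = New-Object System.Net.NetworkCredential($BindDn, $BindPassword)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id, $cred, [System.DirectoryServices.Protocols.AuthType]::Basic)
    $conn.SessionOptions.ProtocolVersion   = 3
    $conn.SessionOptions.SecureSocketLayer = $UseSsl   # $true on 636 is what connectionProtection="Secure" requires
    try {
        $conn.Bind()
        $req  = New-Object System.DirectoryServices.Protocols.SearchRequest -ArgumentList $UsersOu, "(userPrincipalName=*)",
                    ([System.DirectoryServices.Protocols.SearchScope]::Subtree), ([string[]]@("userPrincipalName"))
        $resp = $conn.SendRequest($req)
        [pscustomobject]@{ Port = $Port; Ssl = $UseSsl; Bound = $true;  Users = $resp.Entries.Count; Error = $null }
    } catch {
        # Typical failures: untrusted ADLDS certificate on 636, wrong DN/password, or
        # the service account lacking read rights on the partition.
        [pscustomobject]@{ Port = $Port; Ssl = $UseSsl; Bound = $false; Users = 0; Error = $_.Exception.Message }
    } finally {
        $conn.Dispose()
    }
}

# Encrypt the sections that carry the bind password with the DPAPI-backed
# protected-configuration provider, then confirm the clear-text password is gone.
function Protect-SiteConfig {
    param([string]$PhysicalPath)
    $regiis = Join-Path $env:windir "Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe"   # use Framework\ for a 32-bit app pool
    foreach ($section in "connectionStrings", "system.web/membership") {
        & $regiis -pef $section $PhysicalPath -prov DataProtectionConfigurationProvider
        if ($LASTEXITCODE -ne 0) { throw "aspnet_regiis failed for section $section" }
    }
    $leak = Select-String -Path (Join-Path $PhysicalPath "web.config") -Pattern ([regex]::Escape($BindPassword)) -Quiet
    return (-not $leak)   # $true when web.config no longer contains the password in clear text
}

Test-AdldsBind -Port 636 -UseSsl $true    # must report Bound=True before connectionProtection="Secure" will work
Test-AdldsBind -Port 389 -UseSsl $false   # connectionProtection="None": the same bind, credentials in the clear
Protect-SiteConfig -PhysicalPath $SitePath
```

Run it as, for example, `.\Test-Adlds.ps1` (assumed file name) after the service account has been added to the partition's Administrators role. A failed SSL bind on 636 with the 389 bind succeeding usually means the ADLDS certificate is not trusted by the web server, which is exactly the condition under which connectionProtection="Secure" will also fail. The DPAPI provider ties the encrypted sections to the machine that ran aspnet_regiis, so run the encryption on each web server (aspnet_regiis -pdf reverses it); use the RSA provider instead if the same web.config must be shared across a farm.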

