Question

I use Active Directory for authentication through ActiveDirectoryMembershipProvider in one of my ASP.Net projects.

I connect to it successfully with this LDAP connection string:

LDAP://server/DC=mydomain,DC=com

but two issues remain:

  1. Calling Membership.GetUser("moravej") returns null, whereas calling Membership.GetUser("moravej@mydomain.com") gets a correct object. Is there any way to solve this? I don't want to make the users use their complete name when AD is transparent to them. Also, I prefer not to change my code to concatenate @mydomain.com to the entered values (because of the large number of changes I would need).

  2. I want the membership to be able to use all AD users for login (it does in this case), but I want all the users that will be created by my application to go to a CRM OU. If I set the connection string to LDAP://server/OU=CRM,DC=mydomain,DC=com, it returns null when I call Membership.GetUser() for users that are not in this OU.

Is there any way to solve these issues?

Thanks in advance


Solution

According to this page here, you can configure the provider to use the sAMAccountName for your logon - with some config:

The default configuration for the ActiveDirectoryMembershipProvider uses User Principal Names (UPNs) for name mapping as shown in the following example.

attributeMapUsername="userPrincipalName"

Because of this, all user names must have the format UserName@DomainName; for example: mary@testdomain.com or steve@testdomain.com.

But you can change that - see the paragraph below:

You can change the name mapping so that it uses simple user name format by setting the following attribute in the Membership Provider configuration in the Web.config file.

attributeMapUsername="sAMAccountName"

With this configuration, you can use simple user names, for example: Mary or Steve.

That appears to be what you're looking for - right?

So in your web.config, you should have a configuration entry something like this (of course - use your connection string names etc. - this is just a sample!)

<system.web>
  <membership defaultProvider="MyADMembershipProvider">
    <providers>
      <add name="MyADMembershipProvider"
           type="System.Web.Security.ActiveDirectoryMembershipProvider,
                 System.Web, Version=2.0.0.0, Culture=neutral,
                 PublicKeyToken=b03f5f7f11d50a3a"
           connectionStringName="ADConnectionString"
           attributeMapUsername="sAMAccountName" />  <!-- this is the magic to turn ON -->
    </providers>
  </membership>
</system.web>

For problem #2: if you want all users, then set your connection string for the membership provider to LDAP://server/DC=mydomain,DC=com so that it connects to the domain root of your AD domain.
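A fuller web.config that puts both fixes together, as an added example that is not part of the original answer or of any Microsoft sample. The server name, domain, provider name and connection string name are placeholders taken from the question; Login.aspx is an assumed login page. It binds the provider to the domain root (problem #2), maps logons to sAMAccountName (problem #1), and keeps the security-relevant provider settings explicit.

```xml
<?xml version="1.0"?>
<!-- Added example, not the original answer's code. Placeholders:
     server, mydomain.com, MyADMembershipProvider, ADConnectionString, ~/Login.aspx -->
<configuration>
  <connectionStrings>
    <!-- Problem #2: point at the domain root, not OU=CRM, so that
         GetUser()/ValidateUser() can resolve every user in the domain.
         An OU-scoped string limits the provider to that subtree. -->
    <add name="ADConnectionString"
         connectionString="LDAP://server/DC=mydomain,DC=com" />
  </connectionStrings>

  <system.web>
    <!-- ActiveDirectoryMembershipProvider is used with Forms authentication;
         requireSSL keeps the auth cookie off plaintext HTTP. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" requireSSL="true" />
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>

    <membership defaultProvider="MyADMembershipProvider">
      <providers>
        <clear />
        <add name="MyADMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADConnectionString"
             attributeMapUsername="sAMAccountName"
             connectionProtection="Secure"
             enableSearchMethods="false" />
        <!-- attributeMapUsername="sAMAccountName": GetUser("moravej") now
             searches for (sAMAccountName=moravej) under the container above
             instead of requiring moravej@mydomain.com.
             connectionProtection="Secure": bind over SSL, or signed and
             sealed if SSL is unavailable, rather than cleartext LDAP.
             enableSearchMethods="false": keep FindUsersByName/GetAllUsers
             off unless the application actually needs directory enumeration.
             No connectionUsername/connectionPassword: the provider binds as
             the application pool identity, so no credential sits in this
             file; if you must supply one, encrypt this section with
             aspnet_regiis -pe "system.web/membership" rather than storing
             the password in cleartext. -->
      </providers>
    </membership>
  </system.web>
</configuration>
```

With this in place, a quick check is to call Membership.GetUser("moravej") from the application: with the domain-root connection string it returns a MembershipUser for any domain account, while switching the connection string back to LDAP://server/OU=CRM,DC=mydomain,DC=com reproduces the null result from the question for users outside that OU.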

Licensed under: CC-BY-SA with attribution