Monday, October 25, 2010

Forms Authentication against Active Directory

While trying to authenticate against AD I ran into some problems and was wondering if it was my LDAP connection string.  Found a great way to verify it with the Group Policy Result tool:

gpresult.exe /r

It lists all sorts of items about the currently logged-in user - look for the "User Settings" section, and the first line shows you the exact path to your entry.  In my case:

CN=John Hennesey,CN=Users,DC=domain,DC=com

and there is an entry "group policy was applied from" - there's your

And here are the web.config entries (no magic here - this is on thousands of web pages - this is for easy reference in the future):

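<connectionStrings> <!-- child of <configuration> -->
      <add name="ADConnectionString" connectionString="LDAP://,DC=domain,DC=com"/>
</connectionStrings>

<authentication mode="Forms"> <!-- this and the elements below are children of <system.web> -->
      <forms name=".ADAuthCookie" timeout="10"/>
</authentication>
<authorization> <!-- deny anonymous users, allow everyone who authenticated -->
      <deny users="?"/>
      <allow users="*"/>
</authorization>
<membership defaultProvider="MyADMembershipProvider">
      <providers>
            <add name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName"/>
      </providers>
</membership>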

Couple this with the asp Login control, and all set.  Easy!
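
The check described above, comparing the DN that gpresult.exe /r reports with the container in the LDAP connection string, can be scripted. This is an added example, not code from the original post; the host name dc01.domain.com, the OU=Staff container and the function names are constructed for illustration, and values are compared case-insensitively as a simplification.

```python
import re

def split_dn(dn):
    """Split a DN into (ATTR, value) pairs, honoring backslash-escaped commas."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escape and the escaped char together
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    rdns = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("empty or malformed RDN: %r" % part)
        rdns.append((attr.strip().upper(), value.strip().lower()))
    return rdns

def parse_connection_string(conn):
    """Return (host, base_dn) from LDAP://host[:port]/DN or serverless LDAP://DN."""
    m = re.match(r"(?i)^LDAP://(.+)$", conn.strip())
    if not m:
        raise ValueError("not an LDAP:// connection string")
    rest = m.group(1)
    head, _, tail = rest.partition("/")
    if "=" in head:            # no host part: the whole remainder is the DN
        return None, rest
    if not tail:
        raise ValueError("connection string names no container DN to compare")
    return head, tail

def user_in_scope(user_dn, conn):
    """True if user_dn sits at or below the container named in conn."""
    _, base_dn = parse_connection_string(conn)
    user, base = split_dn(user_dn), split_dn(base_dn)
    return len(base) <= len(user) and user[len(user) - len(base):] == base

if __name__ == "__main__":
    user = "CN=John Hennesey,CN=Users,DC=domain,DC=com"   # DN from the post
    for cs in ("LDAP://dc01.domain.com/CN=Users,DC=domain,DC=com",   # constructed
               "LDAP://dc01.domain.com/OU=Staff,DC=domain,DC=com"):  # constructed
        print(cs, "->", user_in_scope(user, cs))
```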
